Irish businesses reserve budgets for ransoms, report claims

23 Aug 2024

Expleo Group’s global solutions director Rob McConnell.

Cybersecurity experts warn about the danger and futility of paying ransoms to cybercriminals, but that isn’t stopping many Irish businesses from preparing to meet these demands.

A new report from Expleo has found that many larger businesses in Ireland are preparing to pay ransoms in the event of a successful cyberattack.

The report looked at more than 200 business and IT leaders across the island of Ireland, who work for organisations with more than 50 employees. It found that 31pc of these businesses reserve some of their budget to pay ransoms.

This survey also suggests that 33pc of medium to large enterprises have paid a ransom to cyberattackers in the past 12 months. This highlights the prevalence of cyberattacks across the island – one-third of surveyed organisations were severely disrupted by a cybersecurity incident during the period.

The survey – shared by Expleo ahead of the launch of its latest Business Transformation Index – shows an acceptance among businesses that they will fall victim to a cyberattack. Nearly 30pc expect to be impacted within the next 12 months, though this figure is lower than the proportion of businesses that were successfully attacked in the previous 12 months.

The report shows that roughly 50pc of businesses were breached by a ransomware attack in a 12-month period, while 53pc were impacted by a “social engineering attack” such as phishing. Expleo said the success rate for all reported cyberattacks ranged between 40pc and 50pc.

“Given the high success rates of known cyberattack attempts, our research shows that if businesses have avoided falling victim to one type of attack, they have probably not been so fortunate with another,” said Rob McConnell, Expleo Group’s global solutions director. “We have reached the point where it is not if you will be targeted, but when and how often.

“Every single business should expect to be targeted by sophisticated attacks on an ongoing basis. It is only with this level of pragmatism that they will be able to deploy the defences needed to combat or detect these advances.”

Various cybersecurity experts have warned that businesses who fall victim to a cyberattack should not pay a ransom to criminals. Not only is this action fuelling the future activities of criminals, there is also no guarantee that any encrypted systems will be fixed or any stolen data will be returned.

Ireland seems to be slower to realise this than other countries. A Hiscox report last year found that Ireland is the European country most likely to pay a ransom. This report also found that only a third of Irish businesses reported recovering all data after paying a ransom, while 31pc said the attackers asked for more money after payment.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com