A third of Irish businesses have paid ransom to cybercriminals, with a quarter saying they had done so multiple times, a new survey has claimed.
The Typetec survey found the average cost of ransom paid was just under €23,000, and two-thirds of those who paid said they had done so multiple times. More than 70 per cent said they felt more vulnerable to an attack.
The overall number of businesses that had paid such a ransom was lower than last year, when the figure stood at 52 per cent. However, despite complying with the demands, more than two-thirds said sensitive data was leaked anyway, with 53 per cent saying it was placed on the dark web.
More than half of Irish SMEs have a reserve of cryptocurrency to meet the demands that could possibly be placed on them, while 69 per cent now have cybercrime insurance.
“Our new research highlights that a significant number of Irish SMEs are paying out ransoms to cybercriminals, often on a regular basis. Crypto reserves and cyber insurance are also part of the recovery tactics of most businesses surveyed. However, businesses can’t put a price on their data or reputations. When attacks happen and ransoms are paid, data is typically still being leaked into the public domain and onto the dark web regardless,” said Trevor Coyle, chief technology officer of Typetec.
“It’s crucial for businesses to have a co-ordinated cybersecurity strategy in place, with a particular emphasis on best practice basics such as continuous cybersecurity awareness training for employees. General housekeeping does not need heavy investment and will almost always be less costly than the financial and reputational repercussions of a successful attack.”
Some 71 per cent of businesses said they felt the cybercrime insurance industry was fuelling the ransomware crisis.
“While the majority of business owners believe that the cyber insurance market is fuelling the ransomware crisis, unfortunately many Irish SMEs are getting caught in the crossfire. Ultimately, they need to be more proactive about putting the right cybersecurity measures in place as the ostrich approach is not acceptable anymore,” Mr Coyle said.