Expleo survey of business and IT leaders in organisations in Ireland with 250+ employees reveals 29% of firms paid ransoms last year
The average large enterprise in Ireland paid €683,000 in cyber ransoms last year, according to new research from consulting firm Expleo.
Expleo surveyed 200 business and IT decision-makers in Ireland, in enterprises with 250+ employees, as part of its Business Transformation Index 2025 report. The research aims to explore the key challenges facing businesses in 2025, including cybersecurity. It found that 29% of large organisations in Ireland paid at least one cybersecurity ransom in the last 12 months.
“The fallout from a cyberattack can be devastating for businesses, resulting in severe financial losses, compromised data, and reputational damage that can jeopardise long-term stability”
The research shows that large enterprises are living in fear of cybercrime, with 24% admitting that they expect to fall victim to an attack in the coming year. Alarmingly, there are also growing fears about state-sponsored attacks, with 63% saying state-sponsored cyberterrorism is more of a risk to their business than it was a year ago.
War chest for hackers
These fears have made paying a ransom something that many are now preparing for, with one in five (22%) of large businesses setting aside budget for the payment of ransoms, averaging €2.7m each.
Large enterprises are also preparing to invest in bolstering their defences, particularly in response to the proliferation of artificial intelligence in cybercriminal activity. Almost one third (30%) will increase their investment in cybersecurity in direct response to a surge in AI-driven attacks. However, this is a smaller proportion than the 41% of large enterprises who fell victim to an AI-powered cyberattack in the last 12 months.
The most common successful method of attack is ‘whaling,’ which sees cybercriminals specifically targeting senior executives, who often have access to valuable financial and sensitive information. Exactly half of respondents said that a whaling attempt had resulted in a breach in their organisation in the last 12 months, while 85% said there had been at least one attempt.
Although businesses are continuing to direct resources towards cybersecurity, 22% admit to having outdated processes and technologies and a further 17% say they are not investing enough.
Ransom realities
“Ransom demands are no longer just a threat – they are now a mainstay of cybersecurity strategies for organisations,” said Expleo Ireland’s country leader Phil Codd.
“The fallout from a cyberattack can be devastating for businesses, resulting in severe financial losses, compromised data, and reputational damage that can jeopardise long-term stability. Mitigating the risk is a constant task that must be undertaken.
“Regardless of an enterprise’s position on ransom payments, each one of them must focus on a whole-organisation approach to prevention. This requires investing in continuous employee training and education, putting the right systems in place and maintaining constant vigilance through regular monitoring and audits.
“Whether it’s an AI attack or not, cybercrime, at its core, is about people and there is a real-life fallout from every attack,” Codd warned.
“As businesses continue to digitally transform, they must ensure they put people at the centre. Working with the right partners and doing everything they can to protect their people and customers is paramount in today’s business environment.”
-
Bank of Ireland is welcoming new customers every day – funding investments, working capital and expansions across multiple sectors. To learn more, click here
-
For support in challenging times, click here
-
Listen to the ThinkBusiness Podcast for business insights and inspiration. All episodes are here. You can also listen to the Podcast on:
-
Spotify
-
SoundCloud
-
Apple
