Of those Irish SMEs that have paid a ransom to cybercriminals, almost three-quarters (74%) have done so on multiple occasions.
One-third of Irish SMEs have paid a ransom to cybercriminals in the past year, down from 52% a year earlier.
On average Irish SMEs paid hackers a ransom of €22,773, according to research from Irish IT firm Typetec.
“Businesses can’t put a price on their data or reputations. When attacks happen and ransoms are paid, data is typically still being leaked into the public domain and onto the dark web regardless”
The study found that one quarter (25%) of Irish SMEs have paid out ransoms to cybercriminals on multiple occasions.
In total, one-third (33%) of SMEs in Ireland have paid ransoms, with 74% of these having done so on multiple occasions. In 2021, Typetec’s survey found that 52% of all SMEs had paid ransoms to cybercriminals.
The 2022 survey of 200 small and medium-sized business owners – commissioned by Typetec and conducted by Censuswide – is the second successive year that the research has been carried out. This year’s survey reveals that the average cost of a ransom is now €22,773, in line with last year’s average of €22,712.
Sensitive data leaks
The new research also found that two-thirds (67%) of SMEs that paid a ransom, still had their sensitive data leaked into the public domain. More than half (53%) said their sensitive business data was placed on the dark web. Of the SME owners that have already paid a ransom, 71% feel they are now more vulnerable to an attack.
To help combat the financial risks of a cyberattack, the survey revealed that over half of Irish SMEs (52%) hold a cryptocurrency reserve in case needed. A further 69% hold cybercrime insurance. However, 71% of SME owners believe that the cyber insurance market is fuelling the ransomware crisis.
“Our new research highlights that a significant number of Irish SMEs are paying out ransoms to cybercriminals, often on a regular basis,” said Trevor Coyle, chief technology officer at Typetec.
“Crypto reserves and cyber insurance are also part of the recovery tactics of most businesses surveyed. However, businesses can’t put a price on their data or reputations. When attacks happen and ransoms are paid, data is typically still being leaked into the public domain and onto the dark web regardless.
“It’s crucial for businesses to have a coordinated cybersecurity strategy in place, with a particular emphasis on best practice basics such as continuous cybersecurity awareness training for employees. General housekeeping does not need heavy investment and will almost always be less costly than the financial and reputational repercussions of a successful attack.
“While the majority of business owners believe that the cyber insurance market is fuelling the ransomware crisis, unfortunately many Irish SMEs are getting caught in the crossfire. Ultimately, they need to be more proactive about putting the right cybersecurity measures in place as the ostrich approach is not acceptable anymore.”