One third of Irish businesses have been forced to pay a ransom to cyber criminals in the past year, a new survey has revealed.
The survey, conducted by Censuswide on behalf of technology services company Expleo, revealed that medium to large-sized businesses on both sides of the Border plan to spend an average of €1.18 million on cybersecurity strategy over the next 12 months.
The push to increase security arrangements comes against a backdrop of heightened threat levels and the introduction of new European Union cybersecurity laws that come into effect next year.
Based on a poll of more than 200 organisations in the Republic and Northern Ireland conducted in July, the survey found that one-third of business have paid a ransom to cyber criminals in the past year. Another third of businesses said they had been severely impacted by a cybersecurity threat while 31 per cent said their organisation had dealt with a threat in their wider supply chain over the past 12 months.
Half of the respondents admitted their defences were breached by a ransomware attack over the past year.
Meanwhile, 53 per cent said they were severely compromised by so-called “social engineering” attacks in which individuals within their organisation were manipulated into handing over information to criminals. An overwhelming 89 per cent of businesses said they were targeted in this manner, 60 per cent of which said the attack had resulted in a security breach of some variety.
[ New cybersecurity laws ‘could double’ number of reported breachesOpens in new window ]
Rob McConnell, global solutions director at Expleo Global, said the research shows businesses that have negotiated one form of attack will likely not be so fortunate with other forms.
“We have reached the point where it is not if you will be targeted, but when and how often,” he said. “Every single business should expect to be targeted by sophisticated attacks on an ongoing basis. It is only with this level of pragmatism that they will be able to deploy the defences needed to combat or detect these advances.”
Amid rising threat levels, medium and large businesses will spend an average of €1.18 million to boost their defences in the next 12 months. One in seven survey respondents said they could well spend more than that with more than a quarter of organisations admitting their cybersecurity systems are out of date.
Mr McConnell said the reality of doing business today was that organisations must adopt “zero-trust frameworks” in which their networks treat even senior executives as potential threat vectors. However, he said businesses also need to adopt a “culture of openness” to remove the “blame game” element of cybersecurity and allow personnel to work “more proactively” towards creating secure environments.
The EU Digital Operational Resilience Act (Dora), which comes into effect in January, sets out a range of new rules for financial institutions to follow regarding their protection, detection, containment, recovery and response capabilities for ICT-related incidents.
Earlier this month, the Compliance Institute said the volume of reported incidents was “very likely” to at least double once the new framework was in place.
- Sign up for Business push alerts and have the best news, analysis and comment delivered directly to your phone
- Join The Irish Times on WhatsApp and stay up to date
- Our Inside Business podcast is published weekly – Find the latest episode here