Expleo, a global engineering, technology and consulting service provider, announced research findings which show that 31% of businesses in Ireland reserve budget to pay ransoms in the event of successful cyberattacks.
The survey also found that despite most organisations tackling multiple cyber threats on an ongoing basis, only a small proportion expect to fall victim to a cyber-attack in the next 12 months.
In anticipation of the launch of its Business Transformation Index 2024, Expleo’s analysis surveyed medium- to large-sized businesses across the island of Ireland, uncovering the impact and prevalence of cybersecurity threats.
It found that the payment of ransoms, and the expectation of paying them, is embedded in many organisations’ cybersecurity strategies.
In the last 12 months alone, 33% of businesses have paid a ransom to cyber-criminals.
The research found that one-third of enterprises have been severely impacted by an incident within their organisation in the last 12 months, while 31% have been severely impacted by a cybersecurity incident in their supply chain.
Given the devastating impact that cyber-attacks have on business operations and customer trust, the research found that businesses are preparing for significant investments in cybersecurity in the next 12 months.
Expleo’s research found that the average enterprise in Ireland will spend €1.18m on cybersecurity in the next 12 months with one in seven spending more than this.
Signalling what this could be spent on for some, a sizeable proportion (27%) of organisations reported that their security technologies and processes are outdated.
Meanwhile, a quarter of businesses admitted that they do not invest enough in cybersecurity.
Overall, the survey pointed to an acceptance among businesses in Ireland that they will fall victim to cyberattacks, with 29% saying they anticipate this in the next 12 months.
However, this is far lower than the proportion of businesses who fell victim to cyberattacks in the last 12 months.
Half of all businesses admitted that their defences were breached by a ransomware attack in the last 12 months, rising to 53% of businesses who fell victim to social engineering attacks.
In fact, of the 89% of businesses who said they were targeted with social engineering attacks in the last 12 months, 60% reported that the attacks resulted in a security breach.
The majority of businesses have also been targets of voice-cloning, phishing, whaling (phishing attacks on senior figures in the organisation), malware and AI-powered attacks in the past year, with success rates of between 40% and 50% across all cyberattacks.
Rob McConnell, Global Solutions Director, Expleo Group, said: “Given the high success rates of known cyber-attack attempts, our research shows that if businesses have avoided falling victim to one type of attack, they have probably not been so fortunate with another.
“We have reached the point where it is not if you will be targeted, but when and how often.
“Every single business should expect to be targeted by sophisticated attacks on an ongoing basis.
“It is only with this level of pragmatism that they will be able to deploy the defences needed to combat or detect these advances.
“At the most basic level, enterprises must be confident that they are investing enough in cybersecurity and that their systems and processes are constantly being updated and reinforced.
“But that will only go so far in protecting them. Organisations must adopt zero-trust frameworks which mean even the CEO is not trusted by the network.
“This is the reality of doing business anywhere in the world today. Businesses that accept this can adopt a culture of openness that will remove some of the blame game associated with cybersecurity.
“In doing so, they will be able to work proactively towards a more robust organisation with the mindset and infrastructure needed to mitigate risk.”
Photo: Rob McConnell, Global Solutions Director, Expleo Group