Third of Irish business have paid a ransom in past year, says Expleo
Almost a third (31%) of businesses in Ireland reserve budget to pay ransoms in the event of successful cyber attacks, according to figures from Expleo released in advance of its Business Transformation Index for 2024. The survey also found that despite most organisations tackling multiple cyber-threats on an ongoing basis, only a small proportion expect to fall victim to a cyber attack in the next 12 months.
The analysis of medium- to large-sized businesses across the island of Ireland, uncovering the impact and prevalence of cyber security threats found that the payment of ransoms, and the expectation of paying them, is embedded in many organisations’ cyber security strategies. In the last 12 months alone, 33% of businesses surveyed had paid a ransom to cyber-criminals.
The research found that one-third of enterprises had been severely impacted by an incident within their organisation in the last 12 months, while 31% had been severely impacted by a cyber security incident in their supply chain.
Businesses are preparing for significant investments in cyber security in the next 12 months with the average enterprise spending €1.18 million on cyber security. Signalling what this could be spent on for some, a sizeable proportion (27%) of organisations reported that their security technologies and processes were outdated. Meanwhile, a quarter of businesses admitted that they do not invest enough in cyber security.
Overall, the survey pointed to an acceptance among businesses that they will fall victim to cyber attacks, with 29% saying they anticipated this in the next 12 months. However, this is far lower than the proportion of businesses who fell victim to cyber attacks over the same period. Half of all businesses admitted that their defences were breached by a ransomware attack, rising to 53% who fell victim to a social engineering attack.
The majority of businesses had also been targets of voice-cloning, phishing, whaling (phishing attacks on senior figures in the organisation), malware and AI-powered attacks in the past year, with success rates of between 40% and 50%.
Rob McConnell, global solutions director, Expleo Group (pictured), said: “Given the high success rates of known cyber attack attempts, our research shows that if businesses have avoided falling victim to one type of attack, they have probably not been so fortunate with another. We have reached the point where it is not if you will be targeted, but when and how often. Every single business should expect to be targeted by sophisticated attacks on an ongoing basis. It is only with this level of pragmatism that they will be able to deploy the defences needed to combat or detect these advances.
“At the most basic level, enterprises must be confident that they are investing enough in cybersecurity and that their systems and processes are constantly being updated and reinforced. But that will only go so far in protecting them. Organisations must adopt zero-trust frameworks which mean even the CEO is not trusted by the network.
“This is the reality of doing business anywhere in the world today. Businesses that accept this can adopt a culture of openness that will remove some of the blame game associated with cyber security. In doing so, they will be able to work proactively towards a more robust organisation with the mindset and infrastructure needed to mitigate risk.”
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers