25pc of Irish SMEs have paid multiple ransoms to cybercriminals, survey finds
Most of the surveyed SMEs that paid a ransom still had their sensitive data leaked into the public domain.
Around one-quarter of Irish SMEs have paid ransomware criminals multiple times, according to a new survey from IT service provider Typetec.
One-third of the 200 businesses surveyed said they paid ransoms, with 74pc of those paying multiple times. The survey found that Irish SMEs paid an average ransom of €22,773.
But the survey also suggested that paying a ransom usually doesn’t benefit businesses. More than two-thirds of those that paid a ransom still had their sensitive data leaked into the public domain.
More than half of the SMEs that paid a ransom said their sensitive data was placed on the dark web, while 71pc feel they are now more vulnerable to an attack.
The survey was commissioned by Typetec and conducted by Censuswide. Typetec CTO Trevor Coyle said the research highlights that a “significant number” of Irish SMEs are paying out ransoms on a “regular basis”.
“Businesses can’t put a price on their data or reputations,” Coyle said. “When attacks happen and ransoms are paid, data is typically still being leaked into the public domain and onto the dark web regardless.”
Last month, Ireland’s National Cyber Security Centre (NCSC) and the Garda National Cyber Crime Bureau warned that ransomware groups are increasingly targeting smaller businesses in the country.
The Government advised SMEs to avoid paying ransoms and to report incidents to the NCSC and An Garda Síochána.
More than half of Irish SMEs surveyed by Typetec hold a cryptocurrency reserve to help combat the risks of a cyberattack and nearly 70pc said they had cybercrime insurance. Despite this, 71pc of the SME owners believe the cyber insurance market is fuelling the ransomware crisis.
“While the majority of business owners believe that the cyber insurance market is fuelling the ransomware crisis, unfortunately many Irish SMEs are getting caught in the crossfire,” Coyle said.
“Ultimately, they need to be more proactive about putting the right cybersecurity measures in place as the ostrich approach is not acceptable anymore.”
Reporting: Silicon Republic