Typetec survey reveals one-quarter of Irish SMEs have paid multiple ransoms to cybercriminals

Typetec, one of Ireland’s leading managed IT and cyber security solutions providers, today announces the results of its latest annual survey* of SME owners in Ireland, which finds that one quarter (25%) of Irish SMEs have paid out ransoms to cybercriminals on multiple occasions.

In total, one-third (33%) of SMEs in Ireland have paid ransoms, with 74% of these having done so on multiple occasions. In 2021, Typetec’s survey found that 52% of all SMEs had paid ransoms to cybercriminals.

The 2022 survey of 200 small and medium-sized business owners – commissioned by Typetec and conducted by Censuswide, is the second successive year that the research has been carried out.

This year’s survey reveals that the average cost of a ransom is now €22,773, in line with last year’s average of €22,712.

The new research also found that two-thirds (67%) of SMEs that paid a ransom, still had their sensitive data leaked into the public domain. More than half (53%) said their sensitive business data was placed on the dark web. Of the SME owners that have already paid a ransom, 71% feel they are now more vulnerable to an attack.

To help combat the financial risks of a cyberattack, the survey revealed that over half of Irish SMEs (52%) hold a cryptocurrency reserve in case needed. A further 69% hold cybercrime insurance. However, 71% of SME owners believe that the cyber insurance market is fuelling the ransomware crisis.

Trevor Coyle, Chief Technology Officer, Typetec said: “Our new research highlights that a significant number of Irish SMEs are paying out ransoms to cybercriminals, often on a regular basis. Crypto reserves and cyber insurance are also part of the recovery tactics of most businesses surveyed. However, businesses can’t put a price on their data or reputations. When attacks happen and ransoms are paid, data is typically still being leaked into the public domain and onto the dark web regardless.

“It’s crucial for businesses to have a coordinated cybersecurity strategy in place, with a particular emphasis on best practice basics such as continuous cybersecurity awareness training for employees. General housekeeping does not need heavy investment and will almost always be less costly than the financial and reputational repercussions of a successful attack. 

“While the majority of business owners believe that the cyber insurance market is fuelling the ransomware crisis, unfortunately many Irish SMEs are getting caught in the crossfire. Ultimately, they need to be more proactive about putting the right cybersecurity measures in place as the ostrich approach is not acceptable anymore.”

See more stories here.