Almost one in three small and medium firms in Ireland say they have experienced some form of cybercrime in the past year, according to the findings of a new EU-wide study.
Research commissioned by the European Commission shows that 32% of SMEs in the Republic reported some type of illegal online activity affecting their business in the previous 12 months.
Across the EU, an average of 28% of SMEs reported experiencing at least some form of cybercrime, with the levels ranging from 15% in Sweden to 48% in Portugal.
The survey also revealed that 12% of Irish SMEs who were victims of cybercrime said they had paid ransom money — double the EU average rate.
It found Irish SMEs recorded above-average levels of incidents with ransomware, with 8% reporting such cases — also double the EU average.
Only 9% of Irish firms who experienced some type of cybercrime last year said their business had not been affected by the incident in any way — the lowest rate across all 27 EU member states, where the average was 39%.
The Eurobarometer poll of more than 12,800 SMEs across the EU, including more than 500 in Ireland, was carried out at the end of last year.
It also highlighted how 87% of Irish firms reported an incident of cybercrime to someone — the highest rate in the EU.
A European Commission spokesperson said the pandemic posed additional cybersecurity challenges as many SMEs had to take new measures such as adopting cloud services, upgrading their internet service, improving their websites and enabling staff to work remotely in order to survive the pandemic and stay in business.
“The Covid-19 crisis showed how important the internet and computers, in general, are for SMEs to maintain their business,” the spokesperson added. “It led to an increased digital transformation for SMEs and at the same time to a higher exposure to cybercriminal activities.”
Gardaí are the most likely body to which SMEs report cybercrime in Ireland, with 38% having done so, while 34% said they had reported such cases to their internet service provider.
The most common reason cited by Irish firms why they would not report an incident of cybercrime to gardaí was because they had dealt with the matter internally.
The research showed Irish SMEs were most likely to have experienced phishing or impersonation attacks, with 11% of firms reporting such cybercrime.
Another 9% said they had been victims of viruses or spyware or malware, while 6% had experienced attempts to hack into an online bank account.
It found the larger the SME in terms of number of employees, the more likely it was to have been a victim of cybercrime.
Asked about the nature of the most serious incident of cybercrime, 37% of SMEs in the Republic said scams and frauds, while 35% said “password cracking” and 28% stated malicious software.
Just over a third of Irish SMEs said their business was most impacted by cybercrime in terms of the repair or recovery costs.