Cyber novices: One third of Irish firms are unprepared for online security breaches

Some firms pushed to the brink 

Those attacks are pushing many firms to the brink, with one in six businesses attacked (17%) saying the financial impact materially threatened the company’s future. Out of the global study, Ireland had the largest proportion of firms (36%) ranked as cyber novices — meaning that they are not as well prepared for a cyber-attack, based on the Hiscox Cyber Readiness model.

Ireland fares poorly among eight countries surveyed

The report surveyed a representative sample of organisations in the US, UK, Belgium, France, Germany, Spain, and the Netherlands and included 320 companies in Ireland.

It found that 39% of Irish companies suffered a cyber attack in the past 12 months, with 70% of those companies targeted more than once.

The highest cost of a single incident or breach to a firm was €742,923, while the median cost was around €6,937.

Around one in every six firms attacked (16%) was targeted with ransomware, and 75% of those firms paid up, either to recover data or to prevent publication of sensitive information. The single largest ransom paid in Ireland was close to €40,000.

Phishing, credential theft, and cloud servers

Phishing emails were the main way in for the extortionists (65%), with smaller companies particularly likely to succumb. Other methods of entry included credential theft through the reuse of staff usernames or passwords, third-party suppliers, and unpatched corporate cloud servers.

On average, Irish firms allocate 21% of their IT budget to cybersecurity. This figure is up from 13% in 2020.

Richard O’Dwyer, managing director at Hiscox Ireland, commented: “The results of this report are chilling. 

One of the big takeaways is the worrying range of financial impacts that cyber attacks can have on a business. 

"The risk of inaction is that the next attack could be enough to sink the business — particularly with the challenging times at present."