One-third of Irish SMEs have paid ransoms to cybercriminals in the last year, according to new figures released by IT and cyber-security firm Typetec.
The survey of 200 Irish businesses found that almost three-quarters of those who paid a ransom this year did so multiple times.
The average ransom paid by targeted businesses was €22,773.
Despite paying the ransom, 67 per cent of respondents said their sensitive data was leaked into the public domain.
The 33 per cent of businesses targeted represents a significant drop on figures last year, however, when 52 per cent of SMEs who responded said they had paid a ransom to a cybercriminal.
71 per cent of businesses targeted this year said that they now feel “more vulnerable” to a cyberattack.
Some businesses are turning to cryptocurrency to combat the financial risks of cyberattacks, with 52 per cent of Irish SMEs holding crypto in reserve.
A further 69 per cent hold cybercrime insurance. However, 71 per cent of SME owners believe that the cyber insurance market is fuelling the ransomware crisis.
Trevor Coyle, Chief Technology Officer, Typetec said: “Our new research highlights that a significant number of Irish SMEs are paying out ransoms to cybercriminals, often on a regular basis.
“Crypto reserves and cyber insurance are also part of the recovery tactics of most businesses surveyed.
“However, businesses can’t put a price on their data or reputations. When attacks happen and ransoms are paid, data is typically still being leaked into the public domain and onto the dark web regardless.
Mr Coyle called on businesses to be more proactive in tackling the risk of cybercrime.
“It’s crucial for businesses to have a coordinated cybersecurity strategy in place, with a particular emphasis on best practice basics such as continuous cybersecurity awareness training for employees.
“General housekeeping does not need heavy investment and will almost always be less costly than the financial and reputational repercussions of a successful attack.
“Ultimately, they need to be more proactive about putting the right cybersecurity measures in place as the ostrich approach is not acceptable anymore.”