Almost three quarters (71%) of Irish businesses suffered at least one cyber attack over the last 12 months – a 22-point increase on the previous year (50%) according to new data from the latest Hiscox Cyber Readiness Report [https://www.hiscox.ie/cyber-readiness-report-2023].
Ireland is seen as ‘ground zero’ for cyberattacks across the annual global study, now in its seventh year, with the highest median average number of attacks (20) in all countries studied, a fourfold increase on the previous year. The global percentage of companies suffering at least one cyber attack is 53%.
In line with Belgium, The Netherlands and France, the most common point of entry for hackers was a corporate-owned server (57%), while the most common outcome was a financial loss due to Payment Diversion Fraud (43%).
Despite the high number of attacks, Ireland’s cost of all cyberattacks is relatively low: 51% stated their annual bill was below €10k, a big improvement on last year when only 35% were below €10k.
Consequently, the mean and median averages have significantly dropped in Ireland, with the median cost attack €8,860 compared with €15,103 last year, while the largest single attack was €118,128, compared with €5,198,000 in the 2022 report.
As with last year’s study, Ireland is again more likely than any other country to pay a ransom (77%), with Phishing (70%) overtaking ‘unpatched servers’ (now just 20%) as the most likely entry point.
Ransoms were paid, whether to recover data or prevent the publishing of sensitive data, but only a third (33%) reported the full recovery of data, with 31% saying the attacker asked for more money.
Of all countries surveyed, cyber insurance ownership is highest in Ireland (69%), and the majority of those have a standalone policy (44%). IT spending has increased from a median of €468,280 to €890,560, but cyber-specific spending has increased by just one point, from 22% to 23%.
The changing nature of work has also made an obvious impact, as the average number of staff in Irish companies working remotely dropped from 43% to 20%. This may explain how businesses are now more concerned about “rapid business growth outpacing cyber risk management controls” (32%) and “lack of government intervention” (32%) than “employees working remotely” (23%) which was last year’s most significant concern.
Simon Sheahan, Senior Cyber Claims Specialist at Hiscox Ireland, commented: “The fact that Ireland tops the list of cyber insurance ownership is a welcome one, but with the growing number of attacks on business increasing for the third year in a row, it illustrates how cyber must now be viewed as a standard business risk.
Preparing for the worst is welcome, but trying to stay ahead of the threats is equally important and we see that hackers are constantly changing how they work to identify new vulnerabilities, as we can see from the rise of Phishing emails as the main entry point.
It is positive that the median cost for Irish businesses has dropped, but the significant increase in the number of businesses being attacked means we must all remain vigilant of the growing threats.”
