Irish firms raise ransomware budgets as threats grow
Pro
Phil Codd, Managing Director for Ireland, Expleo
The average large enterprise in Ireland paid €683,000 in cyber ransoms last year, and just under a quarter are living in fear of a successful cyberattack in the coming 12 months.
As a result, one in five (22%) of large businesses are setting aside a budget for the payment of ransoms, averaging €2.7m each.
These are the findings of a survey of 200 business and IT decision-makers in Ireland in enterprises with 250+ employees, conducted by global technology, engineering, and consulting service provider, Expleo.
The survey revealed that 29% of large organisations paid at least one cybersecurity ransom in the past 12 months, and 24% expect to fall victim to an attack in the coming year.
41% of respondents admitted they had fallen victim to an AI-powered cyberattack in the last 12 months, but less than a third (30%) are preparing to invest in bolstering their defences to counter AI-driven attacks in cybercriminal activity.
The survey also revealed growing fears of state-sponsored attacks, with 63% citing state-sponsored cyberterrorism as more of a risk to their business than it was a year ago.
The most successful method of attack was ‘whaling,’ where cybercriminals target senior executives who have access to valuable financial and sensitive information. Half of the respondents said a whaling attempt had resulted in a breach in their organisation in the last 12 months, while 85% said there had been at least one attempt.
Although businesses are continuing to direct resources towards cybersecurity, 22% admit to having outdated processes and technologies, and a further 17% say they are not investing enough.
Phil Codd, Managing Director for Ireland, Expleo, said: “Ransom demands are no longer just a threat – they are now a mainstay of cybersecurity strategies for organisations. The fallout from a cyberattack can be devastating for businesses, resulting in severe financial losses, compromised data, and reputational damage that can jeopardise long-term stability. Mitigating the risk is a constant task that must be undertaken.”
The research is in line with the findings of the Sophos State of Ransomware Report, which found that nearly 50% of companies across 17 countries had paid a ransom after a ransomware attack. But the report found a significant decrease in the average ransomware payment from $2m in 2024 to $1m in 2025.
TechCentral Reporters