RECENT research shows a sharp rise in the frequency and financial toll of cyberattacks targeting businesses across Ireland.
A new study conducted by technology consultancy Expleo surveyed 200 business and IT makers from Irish firms with over 250 employees.
Nearly 30% of large enterprises were forced to pay at least one cyber ransom in the past year, with the average payment reaching €683,000.
A fifth of companies now reserve an average of €2.7 million in anticipation of future cyberattacks—evidence that for many, ransomware is no longer a threat but a certainty.
Cybercriminals are increasingly turning to targeted techniques such as "whaling"—a form of phishing that focuses on high-ranking executives like CEOs and CFOs.
Half of the organisations surveyed reported a successful breach through this method in the past year, while a staggering 85% said they had encountered at least one attempt.
AI attacks are also becoming more common.
Forty-one percent of large businesses experienced an attack in the last 12 months.
Despite this, only 30% of businesses are increasing their cybersecurity investments, while 22% say their technologies are outdated and 17% say they are underinvesting altogether.
According to Expleo's Business Transformation Index 2025, 24% of enterprise leaders expect to fall victim to a cyberattack within the next year.
Many now view cybercrime as an unavoidable cost of doing business.
Phil Codd, managing director of Expleo Ireland, emphasised the gravity of the situation: “Ransom demands are no longer just a threat—they are now a mainstay of cybersecurity strategies for organisations. Whether it’s an AI attack or not, cybercrime, at its core, is about people—and there is a real-life fallout from every attack.”
The consequences are not just financial.
Research by Gallagher Insurance found that among Irish companies that experienced cyberattacks over the past five years, 88% reported financial losses and operational disruptions.
Additional consequences included intellectual property theft (26%), supply chain interruptions (23%), and reputational damage (23%).
Another growing concern is state-sponsored cyberterrorism.
Nearly two-thirds (63%) of Irish business leaders say it now poses a greater threat than it did a year ago.
The National Treasury Management Agency (NTMA), which oversees the €17 billion Ireland Strategic Investment Fund (ISIF), recently fell victim to a phishing scam.
A fraudulent payment request—disguised to resemble a legitimate one—led to the loss of €5 million.
The breach led to a review of the NTMA's security protocols.
While awareness of cyber threats is high—over 90% of Irish business leaders expressed concern about rising cybercrime—preparedness remains a worry.
The disconnect between risk perception and investment is especially alarming in the face of rapidly advancing attack vectors.
Cybersecurity experts warn that organisations must move from reactive to proactive strategies.
This includes modernising outdated systems, training staff to recognise suspicious tactics and pouring more resources into cyber defence.
See More: Cyber Attack, Cyber Crime, Expleo, ISIF, NTMA
