Over half of small and medium-sized businesses in Ireland have paid a ransom to a cybercriminal, according to a survey by IT and cyber security solutions provider Typetec.
The average ransom amount paid was €22,712, the data shows.
More than a quarter of those businesses who paid a ransom failed to have all affected data restored, while 60% of business owners said that sensitive data was leaked on the dark web, despite paying the ransom.
57% of small business owners also revealed that they keep a cryptocurrency reserve in case they are needed to pay a ransom.
The survey of more than 200 business owners was conducted by independent research company Censuswide.
When asked about their biggest fears in terms of cybersecurity, loss of customers ranked first, followed by loss of employees and sensitive data being made available on the dark web.
More than a quarter of company owners surveyed said they fear going out of business in the event of a successful cyber-attack.
Despite these findings and the increased awareness of ransomware and other security threats, only 39% of SMEs in Ireland consider themselves to be very well protected from cyber-attacks.
"While we were aware of the growing trend that businesses are being forced to pay ransoms to cybercriminals, we are still alarmed by how widescale it is in Ireland," said Trevor Coyle, Chief Technology Officer at Typetec.
"With tens of thousands of small and medium-sized businesses operating here, this means staggering amounts of money - often in the form of cryptocurrencies - are being lost to cyber criminality," he said.
Mr Coyle said it is important that business owners become proactive rather than reactive when it comes to protecting their customers, their employees and their business.
"These threats are not going away.
"A clearly defined and well managed cybersecurity strategy - particularly in an increasingly hybrid working world - is an absolute necessity for businesses of all sizes," he said.
