Average large enterprise in Ireland paid €683K in cyber ransoms in 2024

Dublin – 17 July 2025, Expleo, the global technology, engineering and consulting service provider, today announces new survey results, revealing that the average large enterprise in Ireland paid €683K in cyber ransoms last year.

Expleo surveyed 200 business and IT decision-makers in Ireland, in enterprises with 250+ employees, as part of its Business Transformation Index 2025 report. The research aims to explore the key challenges facing businesses in 2025, including cybersecurity. It found that 29% of large organisations in Ireland paid at least one cybersecurity ransom in the last 12 months.

The research shows that large enterprises are living in fear of cyber-crime, with 24% admitting that they expect to fall victim to an attack in the coming year. Alarmingly, there are also growing fears about state-sponsored attacks, with 63% saying state-sponsored cyberterrorism is more of a risk to their business than it was a year ago.

These fears have made paying a ransom something that many are now preparing for, with over one in five (22%) of large businesses setting aside budget for the payment of ransoms, averaging €2.7M each.

Large enterprises are also preparing to invest in bolstering their defences, particularly in response to the proliferation of Artificial Intelligence (AI) in cyber-criminal activity. Almost one third (30%) will increase their investment in cybersecurity in direct response to a surge in AI-driven attacks. However, this is a smaller proportion than the 41% of large enterprises who fell victim to an AI-powered cyber-attack in the last 12 months.

The most common successful method of attack is ‘whaling,’ which sees cyber-criminals specifically targeting senior executives, who often have access to valuable financial and sensitive information. Exactly half of respondents said that a whaling attempt had resulted in a breach in their organisation in the last 12 months, while 85% said there had been at least one attempt.

Although businesses are continuing to direct resources towards cybersecurity, 22% admit to having outdated processes and technologies and a further 17% say they are not investing enough.

Phil Codd, Managing Director for Ireland, Expleo, said: “Ransom demands are no longer just a threat – they are now a mainstay of cybersecurity strategies for organisations. The fallout from a cyber-attack can be devastating for businesses, resulting in severe financial losses, compromised data, and reputational damage that can jeopardise long-term stability. Mitigating the risk is a constant task that must be undertaken.

“Regardless of an enterprise’s position on ransom payments, each one of them must focus on a whole-organisation approach to prevention. This requires investing in continuous employee training and education, putting the right systems in place and maintaining constant vigilance through regular monitoring and audits. Whether it’s an AI attack or not, cyber-crime, at its core, is about people and there is a real-life fallout from every attack. As businesses continue to digitally transform, they must ensure they put people at the centre. Working with the right partners and doing everything they can to protect their people and customers is paramount in today’s business environment.”