A fifth of Irish businesses have fallen victim to ransomware attacks but the majority of firms said they would never pay a ransom, new research has found.

The survey, which was carried out by IT firm Data Solutions in association with TechPro magazine, found 93 per cent of businesses would refuse to hand over money to attackers if they found themselves in such a situation.

Ransomware attacks typically see business data held or encrypted by attackers.

However, Data Solutions group managing director Michael O’Hara said companies may feel differently if they were faced with the reality of a ransomware attack.

“Some 93 per cent say that they would never pay a ransom but faced with the reality of an actual ransomware attack I think you’d find most would. Every business has sensitive or mission critical data and ultimately it would come down to a business decision if that was under threat,” he said.

There is a lot at stake for firms. More than 40 per cent cited brand and reputation damage as a key risk of an attack and 55 per cent were concerned about data loss.

IT defences

The ongoing threats have prompted companies to invest more in security, with 80 per cent of those surveyed saying they had upgraded their IT defences in the past year and 5 per cent expecting to shell out more this year on security than they did in 2015.

Despite this, only 10 per cent of companies had absolute confidence in their IT security measures.

“The fact that 80 per cent of businesses are upgrading and changing their security infrastructure is reassuring but it begs the question: what are the other 20 per cent doing? Cybercriminals are forever changing their approach and businesses need to constantly adapt to keep up,” Mr O’Hara said.

It is not just ransomware that is popping up on the radar though. DDoS attacks, such as those that hit Government websites in recent months, social engineering and data destruction were all on the list of worries for Irish firms.

Companies were also underestimating the risk from the supply chain. Despite almost half of those surveyed claiming to be concerned about attacks through this channel, 23 per cent do not have specific requirements for information security in the contracts of third-party suppliers. Data Solutions said the figure was rising.