Tag: attacks

Think Before You Scan: That QR Code May Be a Scam

In quishing attacks, cybercriminals place QR codes containing malicious links in public places, such as parking meters or restaurants, or send these QR codes via email. Such attacks can result in financial losses, stolen personal data, or compromised device, cybersecurity experts warn.

January XX, 2026. At the start of January, the US Federal Bureau of Investigation (FBI) issued a warning against cyber attacks organised by North Korean cybercriminals who used fake QR codes to trick users into obtaining personal information. According to cybersecurity experts, similar attacks, also known as “quishing”, are on the rise not only in the US but in other countries, as cybercriminals look for new ways to profit.

Quishg (QR code phishing) is a phishing technique where cybercriminals try to trick users into scanning QR codes that lead to malicious websites. Organisations in several countries have issued warnings that bad actors place these QR codes on top of legitimate ones in public places such as kiosks, restaurants, or parking meters.

For example, last year, UK government institutions have warned users of fake QR stickers on parking machines, with victims being sent to spoofed payment pages. Meanwhile, the US Federal Trade Commission issued a similar warning about unexpected packages containing QR codes that led to phishing websites.

Such fake QR codes can also be shared online. For example, the FBI said that a North Korean state-sponsored cybercriminal group, called Kimusky, targeted employees of organizations by embedding malicious QR codes in an email. In one such instance, a QR code was presented as a way to download additional information.

According to cybersecurity experts at Planet VPN, a free virtual private network (VPN) provider, no matter where a fake QR code is placed, the scheme is similar. After scanning it, a user is often forwarded to a fake phishing website mimicking a legitimate one, such as a restaurant’s website, where cybercriminals may try to charge a user’s credit card.

According to Konstantin Levinzon, co-founder of Planet VPN, such scams can lead not only to financial losses but also to compromised devices.

“Quishing is phishing–just in a different wrapper. A QR code can lower people’s guard because this technology became ubiquitous only during the pandemic, and the threat still isn’t as widely recognized. It also shifts the “risky click” from a visible link to a quick scan, making the danger easier to miss. Attackers are refining these tactics every year and constantly finding new ways to trick users,” he says.

According to Levinzon, one reason why cybercriminals may favour QR codes in emails instead of regular phishing emails is that QR codes often bypass anti-phishing and scam filters, because these often analyze only text and links, but don’t analyze images.

And even if anti-spam filters in emails are equipped with QR code detection, cybercriminals often find new ways to bypass them, for example, by making QR codes in different colors.

Cybersecurity researchers at Proofpoint estimate that during the first half of last year, there were 4,2 million QR code-related threats. However, Levinzon says that the number is likely higher because many QR code scams are undetected.

When it comes to protecting against the growing threat, users are advised to be more deliberate about when and why they scan a QR code. If after scanning a QR code, a person is forwarded to a website that asks for payment or log-in details, this is a real warning sign.

Meanwhile, if a QR code is sent from an unknown sender via email, Levinzon advises contacting the sender directly before entering login credentials or downloading files.

“We recommend applying the same logic everywhere: stay skeptical whether you receive a message from a coworker or on your personal social media account. However, vigilance is only part of the story. To maximize security, users also need basic safeguards – use a VPN on public Wi-Fi, install updates promptly, use strong passwords, and enable multi-factor authentication on all accounts,” he says.

 

 

How Path of Exile 2’s Combat Became Its Strongest Feature Yet

When Path of Exile 2 was announced, a lot of people assumed it was going to be the same package with a prettier bow. Well, joke’s on them! It’s that and much, much more! In this article, we will dive into the best mechanical expansion they delivered in the sequel. The combat! – and why it’s the best part of this new entry.

If you can’t wait to take part in this journey into the biggest and best evolution of the ARPG genre, consider purchasing PoE 2 currency, as navigating the market is complex and pretty unforgiving for newcomers.

The New Philosophy of Combat

In Path of Exile 1, your power came from spreadsheets. If your passive tree was efficient and your item mods were right, you could delete entire screens before the enemies even noticed you. It was satisfying at first but quickly became detached – more calculation than combat.

Path of Exile 2 flips that idea on its head. Now, your strength doesn’t just come from your stats – it comes from your execution. Every attack animation is a commitment; every dodge is a deliberate decision. You can’t cancel halfway through. You can’t rely on instant flask spam to erase mistakes.

That shift changes the entire rhythm of the game. You’re no longer a walking explosion of numbers. You’re a combatant – one who has to respect space, timing, and momentum. Each swing feels heavy, each projectile purposeful. For the first time in PoE history, your hands matter as much as your build.

Timing Over Spam

Combat in Path of Exile 2 is slower – not in pace, but in mindset. The developers at Grinding Gear Games have introduced something ARPGs often lack: tempo. You read enemies, learn their patterns, and respond instead of reacting blindly.

It’s no longer about emptying your skill bar as fast as possible. It’s about waiting for the perfect moment to strike. When you land a counterattack right after a dodge, it feels incredible – not just because of the damage, but because of the precision.

That’s the magic of this new system. It borrows the deliberate cadence of games like Dark Souls or Monster Hunter but adapts it to an ARPG framework. Suddenly, Path of Exile isn’t just a numbers game. It’s a skill game.

Weapons With Real Identity

One of the most immediate differences players notice is how weapons feel. In the first game, a sword, axe, or mace was often just a vehicle for stats. In the sequel, they define how you fight.

Heavy maces crush armor with satisfying thuds. Spears extend your reach and reward spacing. Daggers enable quick, risky burst plays. Even bows have a palpable tension – you feel the draw and release. Each weapon class brings new animations, new skill interactions, and a new sense of weight.

That’s not just aesthetic polish – it’s mechanical depth. Weapon choice now changes how you engage enemies and what you can safely attempt. It brings identity back to the player’s hands. Your weapon isn’t just your gear; it’s your language of combat.

The End of Mindless Clearing

Old-school Path of Exile fans loved efficiency. The meta revolved around builds that could vaporize everything on-screen before taking a scratch. It looked impressive – but it also killed tension.

Path of Exile 2 moves away from that philosophy. Enemy packs are smaller but smarter. They coordinate. They flank. They punish lazy positioning. The game rewards precision and survival, not just sheer output.

You don’t clear a room by existing in it anymore; you earn it. Each encounter feels more personal, more grounded. Instead of chasing faster kills, you’re chasing cleaner executions. And that’s a major reason the combat feels alive again.

Animation as Gameplay

One of the most subtle but impactful changes lies in animation readability. Every enemy telegraphs its attacks now – the shoulder drop before a lunge, the ground shimmer before an AoE, the flicker of light before a spell burst.

These aren’t just effects. They’re part of the conversation between you and the game. You see a move coming, dodge at the right time, and retaliate. That kind of clarity transforms combat from chaos into controlled intensity.

You still die, of course – this is Path of Exile – but when you do, it’s usually because you made a mistake you can learn from. Not because the camera hid a one-shot from off-screen. It’s fair brutality, and that’s what keeps players engaged.

Cinematic Without Losing Control

What’s remarkable is how Path of Exile 2 manages to be cinematic without stealing control from the player. The camera doesn’t yank itself around during attacks. The game doesn’t rely on flashy finishers or scripted slow-motion kills. Instead, the spectacle emerges naturally – from impact, lighting, and timing.

When your sword connects and the camera shakes just slightly, when a boss crash-lands into the arena and dust fills the air – those moments feel cinematic because they come from your own actions. It’s immersive, not intrusive.

GGG has found a rare balance between visual drama and mechanical precision. It’s fast, beautiful, and completely under your control.

Punishment With Purpose

Make no mistake – this new system is harder. Mistakes cost you. Standing still too long gets you punished. Getting greedy during a combo can mean instant death.

But the difficulty isn’t there to frustrate. It’s there to make victory meaningful. Every close fight, every narrow dodge, and every recovered mistake turns into a story. The punishment isn’t random – it’s instructional. You can feel yourself improving after every death.

And that’s exactly what makes this combat loop addicting. You don’t just grind levels. You grind skill.

FAQs

Is Path of Exile 2’s combat actually slower?

Not exactly – it’s more deliberate. Enemies take longer to kill, and your attacks have real recovery time. The pace feels tighter, but it’s far from sluggish.

Can I still play fast, screen-clearing builds?

To a degree, yes. But PoE2 encourages more control and precision. You’ll still feel powerful, but your power now comes with risk.

Does every weapon really feel unique?

Absolutely. The animation sets, timing, and even skill availability differ by weapon. If you want to try them all, consider purchasing PoE 2 currency so that you can buy, trade, and craft every weapon!

Is the new combat harder for casual players?

It’s more demanding but also more readable. You can see attacks coming and react intelligently. That makes it challenging, but not punishing.

Wrapping Up

Path of Exile 2 shows us something that has been missing in the gaming industry for years. So many franchises nowadays come out with new entries only for them to feel like a recolor or have just barely enough new things for it to be considered a new game in the first place. This game decided to recreate everything from scratch; the things that it does carry from the first game are heavily expanded and reimagined to the point where you can barely recognize them. From classes to systems! If you want to join in on the fun, consider getting Path of Exile 2 Currency from our friends at PlayHub so that you’re always ready for what’s coming!

27% of IT leaders concerned about ability to detect deepfake attacks

Storm Technology, a Littlefish company, today announces survey findings which reveal that 27% of IT leaders are concerned about their ability to detect deepfake attacks over the next 12 months. This concern was felt by more respondents in larger enterprises (33%) than SMBs (23%).

The research – conducted by Censuswide and involving 200 IT decision-makers and leaders across Ireland and the UK (100 in each market) – found that the biggest concerns around AI and security over the next year are data breaches (34%), data protection (33%), and increased risk of adversarial or cyber-attacks (31%). Meanwhile, a quarter (25%) consider shadow AI (use of unsanctioned or unpermitted tools) among their biggest concerns.

This is not necessarily surprising given that half of respondents (50%) know that people in their organisation are using such tools and some 55% admitted to using unsanctioned or unpermitted tools themselves. Forty-two per cent of IT leaders also opined that company data is not safe for input into these platforms.

Perhaps exacerbating this issue, just 60% of companies have been specific about which AI tools are sanctioned or permitted.

More broadly, over a fifth (21%) of IT leaders do not have a high degree of trust in AI tools and almost a third (32%) of companies do not have a strategy in place to address any AI risks that arise.

The research showed that 79% of IT leaders in Ireland and the UK agree their organisation needs to focus more on the regulation of AI tools and 28% do not believe their governance around AI tools is adequate. This rose to more than a third (35%) among Irish respondents.

When it comes to AI and data, 24% of IT leaders do not think their business data is ready for AI, with a similar proportion (23%) of the opinion that that their data governance policies are not robust enough to support secure AI adoption. This could explain why 78% believe a data readiness project is required to ensure successful AI adoption in their company.

Sean Tickle, Cyber Services Director, Littlefish, said: “AI is rapidly reshaping the enterprise landscape, but the speed of adoption is outpacing the maturity of governance. When nearly a third of organisations lack a strategy to manage AI risk, and over half of IT leaders admit to using unsanctioned tools, it’s clear that shadow AI isn’t just a user issue—it’s a leadership one.

“Deepfake threats, data governance gaps, and a lack of trust in AI platforms are converging into a

ESET Updates Its Home Security Portfolio for Advanced Ransomware and Scams

ESET, a global leader in cybersecurity solutions, today announces its upgraded consumer offering, ESET HOME Security and its Small Office/Home Office (SOHO) offering, ESET Small Business Security. Launched earlier in 2025 for businesses and enterprises, today’s release makes ESET’s award-winning Ransomware Remediation feature available to consumers and SOHOs. ESET Ransomware Remediation seamlessly creates encrypted backups – enabling users to detect, block, and recover from ransomware attacks with minimal disruption.

Recognizing scams as a global threat that can harm virtually anyone, anywhere, at any time, ESET now delivers enhanced scam protection, addressing attacks vectoring from all types of sources, including SMS, email, phone calls, URLs, QR codes, malicious files, and more. ESET also launched advanced functionalities within existing features, including Microphone Monitor and Website Security Inspector.

“As a progressive digital life protection vendor, ESET carefully monitors the current threat landscape and develops its protection solutions accordingly,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET. “Heightened scam protection, added Ransomware Remediation, and multiple privacy protection improvements make both ESET consumer and SOHO offerings robust, all-in-one solutions for households and Small Office/Home Offices seeking reliable security that has low impact on performance and is easy to use.”

This launch expands the availability of ESET VPN to ESET HOME Security Premium users. The updated ESET HOME security management platform simplifies security management, making it easier for home admins to protect their families, and SOHO owners to observe exactly who and what are protected, and to distribute security apps with a consistent, simplified experience.

Key ESET HOME Security/ ESET Small Business Security (for Windows) improvements include:

Ransomware Remediation — Originally developed for large businesses, Ransomware Remediation minimizes the impact of ransomware attacks. Once a potential ransomware threat is identified by ESET Ransomware Shield, ESET Ransomware Remediation immediately creates backups of affected files, and after the threat is mitigated, it restores the files, effectively reverting the system to its previous state.

 Enhanced privacy protection — New Microphone Monitor detects and alerts users to any unauthorized attempts to access the microphone hardware on Windows devices.

 Enhanced browser security  New Website Security Inspector adds an extra layer of protection against phishing, scams, and malicious websites. This feature scans the rendered HTML in the browser to detect malicious content that can’t be detected on the network level and by URLs blacklist.

New ESET Cyber Security/ ESET Small Business Security (for macOS) features and updates:

macOS 26 Tahoe support — User can enjoy ESET Cyber Security on the latest version of macOS.

HTTPS & HTTP/3 support — Improves overall end-user protection when online.

Device Control — This feature monitors and manages external devices connected to the Mac. It helps protect against malware and unauthorized transfers of data by restricting access to specific device types or even individual devices.

ESET HOME Security and ESET Small Business Security are available across all major operating systems—Windows, macOS, Android, and iOS—and cover all typical smart home devices. On top of that, ESET Small Business Security also protects Windows servers. The updated offerings are designed to address the evolving threat landscape with special attention to prevention – ensuring a best-in-class user experience because truly effective cybersecurity should be easy to set up and administer.

More information about ESET’s consumer offering and subscription tiers can be found here. A detailed description of the SOHO offering is available here.

Integrity360 launches Managed ASM to address complex attack surfaces and strengthen OT and IoT cyber resilience

Integrity360, one of the leading pan-European cyber security specialists, has announced the launch of its new Managed ASM service designed to address the growing complexities of securing diverse environments, including IT (Information Technology), Operational Technology (OT) and Internet of Things (IoT). The Attack Surface Management (ASM) service provides complete visibility into an organisation’s attack surface, enabling proactive risk reduction, exposure management, and threat detection to safeguard critical assets.

The attack surface is expanding at an unprecedented rate, with the number of connected assets worldwide expected to grow by an additional 50 billion devices by 2030. This surge, driven by the adoption of IoT, OT, and other connected technologies, has created new opportunities for cyber attackers to exploit poorly secured assets. Integrity360’s Managed ASM enables organisations to discover, prioritise, and remediate risks before they can be exploited.

According to Gartner, organisations prioritising continuous threat exposure management (CTEM) will be three times less likely to suffer a breach by 2026, highlighting the critical importance of the ASM service. Powered by the Armis Centrix Cyber Exposure Management (CEM) Platform, Integrity360’s Managed ASM leverages advanced automation and AI to discover and monitor all assets, identify exposures, and provide actionable recommendations for remediation.

“Integrity360’s Managed ASM provides organisations with a complete, end-to-end attack surface management solution,” said Jamie Andrews, Senior Director of International Partners at Armis. “By leveraging our platform’s AI-driven intelligence alongside Integrity360’s expert management and remediation services, businesses can stay ahead of evolving threats and maintain a proactive security posture across even the most complex environments.”

According to the National Institute of Standards and Technology (NIST), an organisation’s attack surface includes every point where an attacker can enter or extract data from a system spanning internal and external assets. Recent incidents, such as attacks targeting IoT-connected industrial devices, illustrate how adversaries chain exposures to access or disrupt critical systems or sensitive data.

With attack surfaces expanding across multiple infrastructures and a 140% increase in cyberattacks targeting critical infrastructure over recent years, the Managed ASM service responds to the urgent need for comprehensive visibility and proactive management.

The Managed ASM Service addresses several challenges faced by organisations, operating on a cyclical, continuous model to ensure constant improvement in security posture.*

The Managed ASM Service is tailored to help organisations reduce cyber risk by ensuring complete visibility, prioritising critical exposures, and supporting remediation efforts. This approach is especially vital for industries such as manufacturing, healthcare, and utilities, where compromised IoT and OT systems can lead to significant operational and safety impacts and aligns with specific compliance requirements for these critical sectors.

“Unlike traditional solutions that focus solely on IT infrastructure, Integrity360’s Managed ASM extends its capabilities beyond IT to also include OT, IoT devices, and even specialised systems like medical devices. These often-overlooked areas represent some of the most vulnerable entry points for attackers,” said Brian Martin, Director of Product Management, Integrity360. “What’s seen can be managed and secured. By providing granular visibility and continuous monitoring of the full attack surface, the service enables organisations to identify hidden risks across their entire environment and take proactive steps to address them.”

Integrity360’s Managed ASM emphasises the importance of collaboration through fortnightly customer review calls and provides transparency, enabling organisations to assess risk trends, review performance, and prioritise remediation efforts with support from Integrity360’s security experts. This partnership approach ensures continuous optimisation and alignment with the customer’s unique risk profile and allows customers to benefit from a scalable, proactive security framework.

For more information about Integrity360’s Managed ASM, visit https://www.integrity360.com/managed-asm.

AI to supercharge Deepfakes, Ransomware and Phishing Attacks.

Every 39 seconds a cyberattack is happening somewhere in the world. And, while cybercrime involving large organisations, like the HSE or Sony, makes headlines; in reality, small and medium businesses are three-times more likely to be victims of attack, due to weak defences.

Current cyber threats facing businesses in Ireland, and what can be done to manage them, is the subject of the annual Irish Reporting and Information Security Service cybercrime conference, in Dublin in November.

IRISSCON 2024 takes place on November 6th next, at The Aviva Stadium in Dublin, featuring expert speakers and delegates from all over the world, as well as the popular Cybersecurity Challenge, testing the skills of would-be hackers to break the system!

Jake Moore, global cybersecurity advisor for security software company, ESET, is a keynote speaker. With a 14-year background in the UK police force, in digital forensics and cybercrime, Moore now helps businesses bolster their cybersecurity, blending real-world crime insights and social engineering techniques, with advanced digital security strategy, to combat ever-evolving cyber threats.

Attackers have been known to spend over 200 days in an organisation’s network, unnoticed, before launching any sort of attack, he says.

“Once a hacker has breached an organisation’s network through unprotected endpoints, like a mobile phone, laptop or IoT device, it takes around one minute, 84 seconds on average, to move laterally and get deeper into the network.

“That is not a lot of time for any network security to react, and, once the harm is done, it takes 73 days, on average, to contain the breach. So, the objective is to prevent the network access in the first place.”

Ransomware and phishing attacks remain top threats, according to the ESET software developers. Cybercriminals use AI algorithms to analyse vast amounts of their target segments’ data. They look at social media profiles, online behaviour, recent purchases and other publicly available information to create very personalised phishing and social engineering attacks.
Your Voice is my Password

With Artificial Intelligence affecting every single industry, AI obviously benefits cybercriminals too, Jake Moore says.

“From text and image creation tools, to audio and video generation, the newest wave of cyberattacks is AI supercharged. New defences are needed to protect companies from this next generation of attacks.”

The ESET expert’s work with clients begins with some very telling practical examples of their vulnerabilities. Jake Moore has hacked businesses using AI voice cloning technology, stealing money, completely unnoticed, in minutes.

He has also, in the guise of work, hacked a police station. Having socially engineered his way into the police station, he was able to steal a laptop, break the encryption, hack into the entire network, and change the password of the Head of Professional Standards, without being caught.

Moore also engineered a targeted phishing attack, via LinkedIn, on the CEO of a company, illustrating how easy it is to manipulate people into handing over their account credentials, and data, using hacking tools widely available on the internet, (if you know where to look).

Simple social engineering techniques, like psychological manipulation, tricks users into making security mistakes, or giving away sensitive information, so the criminal can take over their email account, website, or even their life, the cybersecurity pro says.

Conference updates and bookings are available on the IRISSCON website: https://iriss.ie/irisscon/#about

HP Wolf Security study finds growing concern about attacks on hardware supply chains as one in five businesses impacted

HP released the findings of a global survey highlighting the growing concern over nation-state threat actors targeting physical supply chains and tampering with device hardware and firmware integrity. The study of 800 IT and security decision-makers (ITSDMs) responsible for device security highlights the need for businesses to focus on device hardware and firmware integrity, with attacks on hardware supply chains and device tampering expected to increase.

Key findings include:

  • Almost one-in-five (19%) organisations surveyed say they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. In the US, this figure rises to 29%.
  • Over a third (35%) of organisations surveyed believe that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices.
  • Overall, 91% believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware.
  • Almost two-thirds (63%) believe the next major nation-state attack will involve poisoning hardware supply chains to sneak in malware.

“System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with during transit. If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO’s laptop,” comments Alex Holland, Principal Threat Researcher in the HP Security Lab.

Holland continues, “Such attacks are incredibly hard to detect, as most security tools sit within the operating system. Moreover, attacks that successfully establish a foothold below the OS are very difficult to remove and remediate, adding to the challenge for IT security teams.”

Considering the scale of the challenge, it’s unsurprising that 78% of ITSDMs say their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit.

Organisations are concerned that they are blind and unequipped to mitigate device supply chain threats like tampering. Over half (51%) of ITSDMs are concerned that they cannot verify if PC, laptop or printer hardware and firmware have been tampered with during transit. A further 77% say they need a way to verify hardware integrity to mitigate the risk of device tampering.

“In today’s threat landscape, managing security across a distributed hybrid workplace environment must start with the assurance that devices haven’t been tampered with at the lower level. This is why HP is focused on delivering PCs and printers with industry-leading hardware and firmware security foundations designed for resilience, to allow organisations to manage, monitor and remediate device hardware and firmware security throughout the lifetime of devices, across the fleet,” comments Boris Balacheff, Chief Technologist for Security Research and Innovation, HP Inc. Security Lab.

In recognition of these risks, HP Wolf Security is advising customers to take the following steps to help proactively manage device hardware and firmware security, right from the factory:

  • Adopt Platform Certificate technology, designed to enable verification of hardware and firmware integrity upon device delivery.
  • Securely manage firmware configuration of your devices, using technology like HP Sure Admin (for PCs) or HP Security Manager (Support). These enable administrators to manage firmware remotely using public-key cryptography, eliminating the use of less secure password-based methods.
  • Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory, such as HP Tamper LockSure Admin, or Sure Recover technologies.
  • Monitor ongoing compliance of device hardware and firmware configuration across your fleet of devices.

Watch this space: Further findings from the study will be shared later this year.

Cyber attacks soar yet Pandemic tops Irish business fears

The frequency of cyber attacks in Ireland increased by 26% year-on-year – according to the latest Hiscox Cyber Readiness Report; with 49% of businesses saying they suffered a cyber attack in the past 12 months, compared to 39% in the prior year. Yet while 87% of businesses across the world see cyber as the number one threat to their financial health, Ireland stands alone, with the pandemic remaining the key business concern in contrast to other countries surveyed.

Globally, the seriousness of the cyber threat is not underestimated, with one in five (20%) of businesses across eight countries saying that a cyber attack almost rendered them insolvent – an increase of almost a quarter (24%) compared to the previous year. However, there is a huge gulf in perception between those who have actually suffered an attack and those who have not. More than half of cyber attack victims (55%) see cyber as an area of high risk; whereas amongst companies which have not yet suffered an attack, the figure is just 36%.

Now in its sixth year, the Hiscox Cyber Readiness Report – www.hiscoxgroup.com/cyber-readiness –  surveyed over 5,181 professionals responsible for their company’s cyber security strategy across eight countries: the US, UK, Belgium, France, Germany, Spain, the Netherlands and more than 200 from Ireland.

The report’s other key findings include:

  • More than three out of five respondents (62%) agree that their business was more vulnerable to an attack as a result of employees working from home. This rose to 69% in companies who employed more than 250 people.
  • Average cyber security spending per company is up 60% in the past year to €4.8 million; an increase of 250% since 2019.
  • Adoption of cyber insurance is highest in the financial services industry, where 74% of companies have cover, either through a standalone policy or as part of a wider insurance policy.
  • Irish businesses paid out ransoms more regularly than the rest, with 25% paying five times or more to recover data.
  • Irish companies reported some of the lowest average ransom costs in the study: €12,600 ransom payments and €9,900 recovery costs. The single largest ransom paid in Ireland in 2021 was €42,693.
  • The most common method of entry for Irish ransomware were unpatched servers (65%) – this was far more common in Ireland than in any other country.

Richard O’Dwyer, Managing Director at Hiscox Ireland, commented: “The threat of insolvency for many in Ireland is very real given the increasing costs of an attack – the median cost of an attack here has risen sharply, by nearly a third, to just over €15,300, and for some of the worst hit businesses costs topped €4.5million. Business owners will have spent years growing and investing in their business, but one cyber attack could reduce what they have built to financial rubble.

“Remote working is seen as a serious risk and this model of work is not going away any time soon. It has impacted the volume of cyber attacks as cyber criminals gain access via cloud servers, so it is vital that businesses take the necessary steps to protect themselves against the complexity and speed of cyber attacks. In particular, the success cyber criminals continue to have in breaching systems via the use of phishing emails means one of the most effective defences a business can have is continuing to raise staff awareness of the risks.”