IT Brief Ireland - Technology news for CIOs & IT decision-makers
Ireland
Email attachment20260417 3885411 4r6llq
#
Data Protection
#
DR
#
Ransomware

Irish firms face ransomware resilience gap, report warns

Thu, 16th Apr 2026
Author image
By Sofiah Nichole Salivio, News Editor

BullWall and Renaissance have published a ransomware resilience benchmark report focused on Irish organisations. The study found that 57% of respondents had experienced at least one ransomware attack in the past two years.

Based on a survey of cyber security leaders in Ireland, the findings point to a gap between how prepared organisations believe they are and how they would perform during an actual attack. The report argues that many recovery plans have not been tested under operational pressure.

One of the clearest themes is a mismatch between confidence and evidence. A third of respondents said they were highly confident in their ability to recover from a ransomware incident, yet that confidence often appears to rest on assumptions rather than regular testing through exercises or real incidents.

That gap matters because recovery expectations appear optimistic. Many organisations said they expected to recover within one to two weeks or less, but those estimates often do not reflect the full business, regulatory and reputational effects of an attack.

Attack exposure

The survey suggests ransomware has become a routine operational risk for many Irish organisations rather than a remote possibility. More than half of respondents reported at least one attack over the previous two years, indicating that planning now needs to focus not only on prevention but also on response and recovery.

Security spending is already widespread, but the mix of tools does not always translate into effective resilience. Email security and multi-factor authentication were each used by 55% of respondents, while 43% said they had deployed endpoint detection and response tools.

Even so, incidents continue. Weaknesses often lie in configuration, integration and alignment with real attack paths, leaving organisations exposed despite investment in multiple layers of security products.

Response speed

The survey also highlighted the importance of acting quickly once ransomware is detected. About 80% of respondents said they believed they could detect ransomware encryption within minutes or hours, but detection alone does not limit damage if action is delayed.

Some ransomware variants can encrypt up to 50,000 files per minute, according to the findings. That means even short delays in containment can severely affect operations, particularly where systems and data are closely interconnected.

Budget pressure remains a major obstacle. Half of respondents cited budget constraints as one of the biggest barriers to improving their security posture, while 44% pointed to IT complexity and 36% to a shortage of skilled personnel.

These figures suggest many organisations are trying to strengthen defences in environments that are already difficult to manage. Fragmented systems, overlapping tools and limited specialist staff can make it harder to coordinate controls and verify that they will work during an incident.

Backup gaps

The report also raised concerns about backup resilience, often seen as a final safeguard in a ransomware event. While 49% of organisations said they had fully protected backups that were offline or immutable, the rest either lacked that level of protection or were unsure whether their backups could withstand an attack.

That uncertainty could have serious consequences. If backup systems are not adequately isolated or protected, they may be encrypted or otherwise compromised at the same time as primary systems, leaving organisations with fewer recovery options.

Compliance was another area where the report found a gap between formal adherence and operational readiness. Respondents reported following several frameworks, including GDPR at 72% and ISO 27001 at 67%.

However, the findings suggest that meeting regulatory or standards-based requirements does not automatically mean an organisation can contain a live ransomware attack or restore operations quickly. Compliance and resilience, the report argues, should not be treated as interchangeable measures.

Across the survey, the broader message is that ransomware planning is shifting from theoretical risk management to practical readiness. For many organisations, the issue is no longer whether protections have been purchased, but whether those protections are organised and tested well enough to reduce disruption when an attack happens.

The benchmark positions execution as the main dividing line between organisations that are better prepared and those that remain exposed. It found that Irish organisations have already made substantial cyber security investments, but those investments do not ensure resilience unless they are operationalised effectively under attack conditions.

Success against ransomware is no longer defined by prevention alone, but by the ability to contain, respond and recover in real time.

Related stories
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Testlio launches AI chatbot testing service amid scrutiny
SnapLogic adds AI gateway to push agents into work

Top stories

TestRail launches AI test script generation in beta
FIRST conference highlights AI & CVE disclosure push
OpenAI expands Codex with desktop & workflow tools
OpenAI launches GPT-Rosalind for life sciences research
Mirantis integrates NVIDIA Run:ai to speed AI deployment