22% of EU enterprises had ICT security incidents

In 2021 in the EU, 22.2% of enterprises (with 10 or more employees and self-employed persons) in the business economy (excluding the mining and quarrying and financial sector) experienced ICT security incidents resulting in different types of consequences such as unavailability of ICT services, destruction or corruption of data or disclosure of confidential data.

The most frequent consequence reported was the unavailability of ICT services due to hardware or software failures (18.7%). Unavailability of ICT services due to attacks from the outside (e.g. ransomware attacks, denial of service attacks) was far less common (3.5%).

EU enterprises also reported the destruction or corruption of data, caused by two types of incidents: due to hardware or software failures (3.9%) or due to infection by malicious software or unauthorised intrusion (2.1%).

The least frequent consequence of ICT security incidents was the disclosure of confidential data, related to two different reasons: intrusion, pharming, phishing attack, intentional actions by own employees (1.1%) and unintentional actions by own employees (1.0%).

Source dataset: isoc_cisce_ic

Finnish enterprises register highest incidence of ICT security problems 

Among EU countries, the highest shares of enterprises that registered ICT security incidents leading to unavailability of ICT services, destruction or corruption of data or disclosure of confidential data, were in Finland, with more than two-fifths (43.8%), followed by the Netherlands and Poland (30.1% and 29.7%), Czechia (29.3%) and Denmark (26.4%).

At the other end of the scale, the lowest shares were in Bulgaria (11.0%), Portugal (11.5%), Slovakia (12.3%), Hungary (13.4%) and Cyprus (14.3%).

Source dataset: isoc_cisce_ic

Source: Eurostat