22 % of EU enterprises had ICT security incidents


Eurostat LogoIn 2021 in the EU, 22.2% of enterprises (with 10 or more employees and self-employed persons) in the business economy (excluding the mining and quarrying and financial sector) experienced ICT security incidents resulting in different types of consequences such as unavailability of ICT services, destruction or corruption of data or disclosure of confidential data.

The most frequent consequence reported was the unavailability of ICT services due to hardware or software failures (18.7 %). Unavailability of ICT services due to attacks from the outside (e.g. ransomware attacks, denial of service attacks) was far less common (3.5 %).

EU enterprises also reported the destruction or corruption of data, caused by two types of incidents: due to hardware or software failures (3.9 %) or due to infection by malicious software or unauthorised intrusion (2.1 %).

The least frequent consequence of ICT security incidents was the disclosure of confidential data, related to two different reasons: intrusion, pharming, phishing attack, intentional actions by own employees (1.1 %) and unintentional actions by own employees (1.0 %).

For more information:

Methodological notes: 

  • Data come from the 2022 Community survey on ICT usage and e-commerce in enterprises and refer to all enterprises with at least 10 employees or self-employed persons (in NACE Rev. 2 sections C to J, L to N and group 95.1). Further methodological information related to the survey can be found here.
  • Data in the database are organised according to the survey year; the results above refer to the calendar year prior to the survey (2021).
  • France: break in the time series due to the implementation of the statistical unit enterprise.
  • Ireland: break in the time series due to changes in national survey methodology.
  • The statistics presented in this news item is collected from enterprises using the internet. When interpreting the data, users should be aware that differences between countries could be correlated with varying degrees of online presence and thus exposure of enterprises of experiencing an ICT security incident.