ESET research finds businesses are prepared for ‘high tech threats’ but still struggle to manage ‘machine running’ scams.
According to a new study by ESET on the SMB Cyber Readiness Index 2026, “businesses are losing sleep over a high-tech threat that has never been seen in real attacks”, in an environment where ‘small’ scams continue and cost money, every day.
ESET, a Slovakia-based global cybersecurity company, partnered with Esomar member Go4insight to collect data from 4,400 organizations with 25 to 1,000 endpoints in 13 countries.
This includes Canada, the Czech Republic, Denmark, France, Germany, Italy, Japan, the Netherlands, Slovakia, Spain, Sweden, the UK and the US. Contributors were the main decision makers, or the main influencers, in the organization’s cyber security decisions.
The research found that more than 60pc of participating organizations spread across Europe, the Middle East and Africa expect an attack in the next year, while 44pc have already experienced an incident in the last 12 months.
Almost two-thirds are of the opinion that the single biggest threat is AI-powered malware, despite ESET’s findings that across its managed detection and response (MDR) service, not a single incident involved artificial intelligence “in any meaningful way”. Rather, among the threats that posed the greatest danger, was phishing (27pc), unpublished software (23pc), lack of security precautions (20pc) and weak passwords (20pc).
Commenting on the report, Michal Jankech, vice president of Enterprise, SMB and MSP said, “While 78pc (worldwide) of SMBs recognize the importance of cybersecurity strategies, a consistent understanding of key threats, technologies and terminology, including MDR and security posture, suggests there is still room for improvement.
“We found that SMBs’ concerns are often shaped by emerging alarming headlines such as AI-driven attacks, while more common risks, such as phishing, unpublished risks and a lack of vigilance, are underestimated. This indicates that many respondents do not fully understand their security posture and resilience.”
Invest in security
The ESET survey also highlighted the need and desire for significant training among participating EMEA organizations. About 90pc explained that they believe that training can be serious or important and 51pc train several times a year. Train more than 10pc every month. Only 3pc, however, were detected using standard training programs such as phishing simulations. Worse, only 3pc watch them cybersecurity budget as enough or more than enough. Although 39pc are optimistic that there will be an increase in the budget next year.
For future investment in their organisation, 40pc plan to be more involved in training and awareness of staff, 33pc have a future cloud security strategy and one quarter intend to invest in backup and support. The main barriers are currently budget constraints (26pc), complexity of integration (20pc) and lack of talent and skills (18pc).
Jankech said, “As it stands now, meeting the challenges of cybersecurity in 2026 means understanding the intersection of your business needs, human behavior, the democratization of powerful technologies like AI, regulatory priorities and the ever-changing threat landscape, that’s a lot. So, to deal with all of this, there’s only one option, to have a robustness chart, to have a robust state chart.”
Although organizations based in Ireland were not included in the ESET survey, George Foley, cybersecurity expert for ESET Ireland, gave his opinion on what Irish organizations should expect.
He said, “Irish businesses are facing the Hollywood version of cybercrime while a side door is left open. The attack that wipes out your account isn’t a self-driving AI super-virus. It’s the same dodgy invoice email we’ve been warning about for years, except now it’s complete and there are thousands of them.
“Spend your worries and your budget on the basics. Train your employees to pause before paying, keep your systems connected and stop reusing passwords. That’s what keeps money from going out the door.”
Don’t miss out on the information you need to succeed. Sign up for Daily BriefSilicon Republic’s digest of must-know sci-tech news.
