The Hidden Costs of Cyber Risk report, found that often the challenges companies face are the result of everyday disruptions on the internet, rather than major isolated issues.
eir business The Hidden Costs of Cyber Risk Reportingsupported by Microsoft and the University of Limerick’s Kemmy Business School, found that on average cyber attacks cost Irish small and medium-sized enterprises (SMEs) up to €3.4bn a year.
However, the biggest impact is not from large-scale breaches of the law, but rather the more common, day-to-day disruptions related to cyber security, which in turn cause losses for many Irish companies.
It is reported that SMEs lose more than 7.2m working days every year due to cyber incidents, with affected businesses experiencing more incidents every year. For individual companies, this equates to approximately three working weeks lost every year.
Susan Brady, eir’s business managing director, said: “This report shows that cyber risk is not just a rare, large-scale attack.
“For many SMEs, it is the cumulative effect of everyday incidents, from phishing emails and ransomware attempts to provide disruptions, that cause significant loss of time and productivity. These risks not only affect individual businesses, but supply chains, customers and the wider business landscape.”
Big and small challenges
The report noted that, although single events can have significant financial impacts, research suggests that the cumulative impact of repeated disruptions, inefficiencies, lost productivity and operational disruptions creates the greatest economic costs per SME every year. The report also found that “much of this impact is avoidable”, for organizations that demonstrate high ‘cyber readiness’.
The report said companies with more cyber preparedness tend to have fewer incidents, lower overall losses and less disruption. In addition, organizations with high levels of preparedness can reduce annual downtime from more than 30 days to about five days, while systematic data management greatly reduces the likelihood of an attack.
Commenting on the report, Minister of State for Business, Tourism and Employment Alan Dillon, TD said, “Small and emerging businesses are vital to the Irish economy and ensuring they are resilient in an increasingly digital environment is vital.
“This study highlights the real and growing impact that cyber risks are having on businesses across the country, not just in financial terms, but in operational disruption and loss of productivity. However, with the right support, guidance and a focus on practical steps, businesses can strengthen their resilience and reduce their exposure.”
Dr. Mauricio Perez-Alaniz, assistant professor in the Department of Economics, Kemmy Business School welcomed the attention of this issue. He said, “While SMEs are increasingly being reminded of the potential productivity and sustainability benefits that can come from the adoption of digital technologies, the issue of cyber risk, and the associated costs of cyber attacks, needs more attention.
“This report seeks to do just that. It provides an accurate way to quantify the cost of cyber attacks in terms of direct economic costs, and more importantly, the potential costs associated with downtime. It is important to remember that fully quantifying those costs is difficult. Although the estimates presented in the report are high-level and rest on a critical scale, they provide an important context set.”
In early June, ESET published a similar report, i SMB Cyber Readiness Index 2026which also showed that some organizations neglect to pay attention to day-to-day threats, amid a sharp focus on large, one-time events. The report found that businesses are putting themselves at risk of injury and loss of profits by allowing threats that are perceived to be small, to ‘pass through’.
Earlier commenting on the report, Michal Jankech, vice president of Enterprise, SMB and MSP at ESET, said: “Although 78pc of SMBs are aware importance of cybersecurity strategyA consistent understanding of key threats, technologies and terminology, including MDR and security posture, suggests that there is still room for improvement. Any improvement will have to start with a reality check.
“We found that SMBs’ concerns are often shaped by emerging alarming headlines such as AI-driven attacks, while more common risks, such as phishing, unpublished risks and a lack of vigilance, are underestimated. This indicates that many respondents do not fully understand their security posture and resilience.”
Don’t miss out on the information you need to succeed. Sign up for Daily BriefSilicon Republic’s digest of must-know sci-tech news.
