Cyber security in late 2025: Why Irish SMEs must act now
In association with Topsec
All good things must come to an end. And with summer winding down, it’s time to turn our focus back to business. While the countdown to Christmas may have already begun, the months ahead are crucial for Irish SMEs. As we head towards the fourth quarter of the year, one thing is clear: the digital threat landscape has become more aggressive, more sophisticated, and more expensive to ignore. And if you’re still thinking that only big corporations are on the radar of cybercriminals, think again.
Cybercriminals are increasingly focused on SMEs, which often have valuable data but less mature security systems. That makes them the path of least resistance.
In fact, SMEs might be even more attractive to cybercriminals than the big corporations among us. A report published in 2024 by the European Union Agency for Cybersecurity (ENISA) revealed that over 60% of cyberattacks are now aimed at SMEs. The average cyberattack now costs over €200,000, a figure that could easily cripple a small or medium-sized business. The last few years have dealt a few blows to Irish SMEs from an economic perspective. Many are still recovering from the pandemic. Absorbing a financial hit from a cyber security hack isn’t an option for many. Plus, with an in-depth strategy and a combination of human expertise and technology solutions, you can greatly improve your security posture. So why not do so?
Despite this, many Irish SMEs still lack even a basic cyber security framework. In the second half of 2025, this is a critical business risk that can no longer be postponed.
Phishing remains a top risk
Phishing scams have come a long way from the obvious dodgy e-mails of the past. Today, thanks to tools like generative AI, phishing e-mails look alarmingly convincing.
You’re unlikely to receive a badly written e-mail promising you a fortune or describing a mystery inheritance. But you stand a high chance of receiving a legitimate-looking e-mail from your bank, a trusted supplier or your colleague. That’s exactly the point: they’re designed to catch you off guard.
As more businesses rely on digital tools and remote working, these kinds of attacks are only becoming more common. And sneakier. E-mail remains the single biggest attack vector. According to research carried out by Deloitte, over 90% of compromises begin with an e-mail.
This is why phishing awareness training is such an important part of any cyber security strategy. Your team needs to know what to watch out for: how to spot dodgy e-mails, double-check who a message is really from and think twice before clicking on unexpected links or attachments. Technology solutions are a key part of your security stack, but nothing can replace a trained workforce who know how to spot a scam.
Staying safe isn’t about crossing your fingers and hoping for the best. It’s about being proactive. That means using smart e-mail filters, training your staff regularly and putting multi-factor authentication in place to block unwanted access. When you combine these steps (security tools, educated people and simple checks), you build a strong, affordable line of defence that really works.
Ransomware on the rise
Ransomware has long been a serious problem for Irish businesses, and the situation is getting worse fast. In 2024, ransomware attacks surged across the globe, but Irish businesses felt the impact in measurable ways. Approximately one-third (33%) of medium-to-large Irish firms reported paying a ransom in the previous 12 months, while around 50% experienced at least one ransomware breach during that period.
What’s especially worrying is the rise of ‘double extortion’ tactics. In these cases, hackers don’t just lock your systems; they steal your data, then demand payment in return for not leaking it. Even companies with decent defences are finding it tough to keep up with the evolving threats.
AI hasn’t necessarily made attacks more complex, but their speed and scale have been supercharged by this new technology. The volume of attempted breaches has skyrocketed. This places SMEs, who typically lack layered, enterprise-grade protection, at even greater risk.
Internal risks are still being overlooked
While external attacks dominate headlines, internal threats continue to cause major breaches. Whether it’s a disgruntled employee or a well-meaning team member with access to sensitive files, the results can be equally damaging.
A multi-pronged approach is the strongest way to prevent this problem. This includes strong access controls, system audits and real-time activity monitoring.
The real-world impact of inaction
A cyberattack is not ‘just’ an IT incident. It is a business disruption. Orders go unprocessed, customer data may be leaked and regulatory fines can follow quickly if personal data is compromised.
But, even taking all of this into account, perhaps the most damaging impact is reputational. Clients are less likely to trust a company that has experienced a breach, especially if it was preventable. In competitive markets, trust is everything.
And yet, despite the legal and ethical requirement to report breaches, most Irish SMEs still don’t. The rate of cyber hacks that go unreported is very high, with multiple authoritative sources indicating that approximately 85% of cyber crimes go unreported. According to the US Department of Justice and the World Economic Forum, only about one in seven cyber crimes, around 15%, is reported, leaving over 85% hidden or unreported within organisations.
What Irish SMEs can do now to strengthen cyber security
With Q4 on the horizon, now is the time to take decisive action. Here are the key moves Irish SMEs should prioritise:
- Develop a formal cybersecurity strategy.
  This includes defining who has access to what, how breaches should be handled and how often security systems and software are updated.
- Make employee training a priority.
  Since most breaches start with human error, regular cybersecurity workshops are a cost-effective and powerful tool. Employees should know how to spot phishing e-mails, manage passwords securely and follow good data handling practices.
- Enforce multi-factor authentication (MFA).
  Even the strongest passwords can be compromised. MFA prevents unauthorised access by requiring a second form of verification. This adds a vital security layer.
- Invest in layered, e-mail-first defences.
  E-mail security is the most important line of defence, as the vast majority of attacks start there. Thankfully, today’s solutions, including AI-powered threat detection, secure cloud platforms, firewalls and network segmentation, are both scalable and affordable for SMEs.
- Conduct a cyber security audit before year-end.
  With stricter regulations expected in 2026, businesses need to get proactive now about cyber security. Reviewing vulnerabilities, strengthening defences and ensuring GDPR compliance now can help avoid costly issues later.
Prepare now, prosper later
As cybercriminals ramp up their activity and digital systems become even more central to operations, Irish SMEs must not delay. The second half of 2025 offers a narrow window to strengthen defences, protect sensitive data, and safeguard business continuity.
On the surface, cyber security is about preventing attacks. However, in truth it’s about protecting your reputation, your customers, and your future.
SMEs that take action now will be in a far stronger position to compete, comply, and grow in the ever-increasing digital economy of 2026.
Niall Mackey is the commercial director of Topsec. His team excels in enhancing e-mail security for firms, safeguarding sensitive data against cyber threats.




