Cybersecurity Risks and Readiness for Irish SMEs in 2025

11 Sept 2025 · 10 min read

Most Irish small and medium businesses will face a cyberattack in 2025. Over 70 percent of SMEs were attacked in the last two years, making Ireland one of the most targeted economies globally. The average cost of these incidents may look small at €8,500 spread over three years, but serious breaches can reach six or seven figures. Some SMEs lose more than €1 million and many never reopen after a major attack.

The good news is that new government supports now cover up to 80 percent of the cost of building cyber resilience. The challenge for SMEs is knowing which risks matter most and how to access the funding.

The threat landscape in 2025

Irish SMEs face more than one attack a week on average. The most common and damaging threats are:

  • Supply chain risk: 48 percent of organisations identify third-party breaches as a major vulnerability.
  • Ransomware: 42 percent are worried about ransomware, and small firms are four times more likely to be hit than larger companies.
  • Cloud risks: 40 percent highlight cloud security as a concern, often linked to misconfigurations during digital migration.
  • Phishing and payment fraud: Over half of SMEs report attempts to divert payments. Phishing makes up 90 percent of incidents globally.
  • Insider threats: Human error caused almost a quarter of breaches in 2024, though training and awareness are reducing this risk.

What breaches cost Irish SMEs

Costs vary widely, which creates confusion. To make sense of the figures:

  • Frequent small incidents such as phishing scams average €8,500 over three years.
  • Medium incidents like data loss or short service disruption can cost €100,000 to €250,000.
  • Major breaches involving ransomware or long outages can run from €500,000 to over €1 million.

In 2023 Irish SMEs lost €10 million to email scams alone. While many incidents are survivable, the risk of a catastrophic event is very real.

What this means for you: Small costs add up quickly, and one major breach can be fatal. Proactive investment is cheaper than recovery.

Compliance and regulation

Two areas dominate the 2025 compliance landscape:

  1. GDPR: The Data Protection Commission received almost 8,000 breach reports in 2024 and issued €652 million in fines. SMEs must continue to manage data subject requests, consent processes, and CCTV rules. Initial compliance can cost under €5,000, while larger firms in Dublin often spend €20,000 or more.
  2. NIS2 Directive: Ireland missed the EU deadline in 2024 but will enact NIS2 in late 2025. Enforcement will start in 2026. The scope expands from a few hundred entities to up to 6,000, including manufacturing, food, and digital services.
    • Essential entities: 250+ staff or €50M turnover, penalties up to €10M or 2 percent global revenue.
    • Important entities: 50+ staff or €10M turnover, penalties up to €7M or 1.4 percent global revenue.
    • Requirements include 16 risk management measures, board accountability, and strict incident reporting.

NIS2 timeline at a glance

| Milestone | Date / Timeline | Details |
|---|---|---|
| EU deadline missed | October 17, 2024 | Ireland delayed transposition into law. |
| National Cyber Security Bill | Q4 2025 (expected) | Bill will become law and align Ireland with NIS2. |
| Penalties enforcement | 2026 | Non-compliance fines begin. |
| Entity registration portal opens | July 2026 | SMEs have a 3-month window to register. |

What this means for you: Even if NIS2 does not apply directly, larger customers will demand compliance from suppliers. Start preparing now.

Funding and supports available

Irish SMEs can now access over €400 million in combined funding, training, and support. Key options include:

  • Enterprise Ireland Cyber Security Review Grant: €2,400 to fund an independent expert review.
  • SME Cyber Security Improvement Grant: Up to €60,000 covering 80 percent of implementation costs (requires the EI review first).
  • LEO Trading Online Voucher: Up to €2,500 for micro enterprises.
  • LEO Digital for Business Voucher: €5,000 for SMEs with 1–50 employees.
  • EU Digital Europe Programme: €390M allocated 2025–2027 for advanced security initiatives.
  • R&D Tax Credits: 42.5 percent relief on cybersecurity R&D costs.

What this means for you: Grants can cover most of the costs of building resilience. The priority is applying early, as many are first-come-first-served.

Sector-specific risks

  • Retail: PCI DSS compliance is mandatory. Card fraud exceeded €22 million in 2024. Costs of compliance range from €500 to €3,000 per year, far lower than breach costs.
  • Manufacturing: Industry 4.0 creates new vulnerabilities between IT and operational technology. ISO 27001 and IEC 62443 standards are key benchmarks.
  • Agri-food: Traceability systems and supply chain integrity introduce new cyber risks. Sustainability data and blockchain pilots add further complexity.

What this means for you: Each sector faces unique pressures. Regulators, customers, and insurers will expect sector-appropriate safeguards.

Practical steps for SMEs in 2025

Start with fundamentals:

  • Multi-factor authentication (free–€10 per user per month).
  • Strong, unique passwords with a password manager (€0–€5 per user per month).
  • Automatic software updates (no extra cost).
  • Quarterly staff training and phishing simulations (€0–€50 per employee per year).

Follow a phased roadmap:

  • Weeks 1–2: Enable MFA, update passwords, install antivirus, set up basic backups.
  • Months 1–3: Formal training, write policies, apply for the EI review grant, deploy network security.
  • Months 4–12: Apply for the €60k grant, engage managed security services, implement advanced training and audits.

Budget guidance:

  • Micro (1–5 staff): €1,000–3,000 year one, €500–1,500 ongoing.
  • Small (6–25 staff): €3,000–10,000 year one, €2,000–5,000 ongoing.
  • Medium (26–50 staff): €10,000–25,000 year one, €5,000–15,000 ongoing.

What this means for you: Prevention costs are predictable and can be 80 percent funded. Recovery costs are uncertain and potentially business-ending.

How Qadience can help

SME leaders face two challenges: the scale of the threat and the complexity of support schemes. Qadience helps you:

  • Identify the risks that matter most for your business.
  • Apply for grants and funding.
  • Build a phased roadmap with realistic costs.
  • Prepare for customer and regulatory requirements.

Call to action: Contact Qadience today to book your free 15-minute funding eligibility check.

Key takeaway

Cyberattacks on Irish SMEs are not a question of if but when. The risk is rising, but so too is the support available. By acting now, SMEs can protect their operations, secure funding to cover most of the cost, and build the resilience needed to grow in 2025 and beyond.