Irish SMEs plan to cut their cybersecurity budget by 50pc, survey finds

4 Jan 2023

Typetec CTO Trevor Coyle. Image: Typetec

Despite plans to reduce security spending, nearly 80pc of businesses surveyed have experienced a cyberattack in the past 12 months.

The average cybersecurity budget for Irish small to medium-sized enterprises (SMEs) is set to drop by more than 50pc for 2023, according to a new survey from IT service provider Typetec.

The company’s annual survey of 200 SMEs revealed that the average budget this year is €57,500, compared to €117,209 in 2022.

Despite this drop, Typetec said nearly 80pc of these businesses have experienced a cyberattack in the past 12 months.

The survey – conducted by Censuswide – found that the most common forms of cyberattack were password hacking and phishing, as more than 30pc of SMEs had experienced these attacks. More than 25pc of those surveyed had been hit with malware over the past year.

Typetec CTO Trevor Coyle said that while it might be “tempting” to cut cybersecurity budgets, the survey shows that “threats are still widespread” and the potential impact is “greater than ever”.

“We understand that many smaller businesses are dealing with inflationary pressures at this time and have to make difficult investment decisions,” Coyle said.

“However, it’s important that they make smart choices and don’t leave their data and systems more vulnerable and easier to attack, which will ultimately be so much more costly if it happens.”

Many business owners surveyed were concerned about the impact of cyberattacks, with 40pc citing going out of business as their biggest fear. This is an increase on last year, when 27pc had this concern.

The other major concerns surrounding cyberattacks were significant business downtime, sensitive data being made public or traded online, reputational damage and the loss of customers.

Almost a third of SMEs surveyed said they do not have an effective disaster recovery plan in place in the event of a cyberattack. However, roughly 64pc of respondents believe they are fully prepared for evolving cybersecurity threats in 2023.

For those that felt fully or somewhat prepared, the most popular step taken was increased cybersecurity awareness training for staff.

“Being smart means not only identifying measures for protection and prevention, such as staff awareness, but also having a strategy in place to support disaster recovery and business continuity should the worst-case scenario arise,” Coyle said.

A Typetec survey last September found that around one-quarter of Irish SMEs have paid ransomware criminals multiple times. This survey also suggested that paying a ransom usually doesn’t benefit, as most businesses that paid still had their sensitive data leaked.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic