Cyberattacks costing Irish SMEs €3.4bn annually – report

Cyberattacks are costing Irish small and medium-sized enterprises (SMEs) up to €3.4 billion annually, according to new research.

The Hidden Cost of Cyber Risk report from eir Business was supported by Microsoft and the Kemmy Business School at the University of Limerick.

It found that the greatest impact on businesses is not from major one-off cyber breaches but rather repeated day-to-day disruption.

According to the research, SMEs lose more than 7.2 million working days every year due to cyber incidents, with affected businesses experiencing multiple incidents annually.

While the financial impact of any single incident can be significant, the analysis found that it is the cumulative effect of repeated disruption, downtime, lost productivity and operational interruption, that creates the greatest economic cost.

This amounts to around €50,000 per SME annually, according to the research.

“Small and medium-sized enterprises are central to the Irish economy, and ensuring they are resilient in an increasingly digital environment is critical,” said Minister of State Alan Dillon.

“Our National Cyber Security Centre is already providing targeted cyber security supports to SMEs to do this, the most recent initiative, being the launch of a new dedicated website aimed at providing SMEs with practical, accessible and free guidance on strengthening their cyber security awareness, preparedness and response capabilities,” Mr Dillon said.

Dr Mauricio Perez-Alaniz, Assistant Professor in the Department of Economics at the Kemmy Business School, said the report aims to quantify the costs of cyberattacks in terms of the direct economic impact and potential costs associated with downtime.

“It is important to keep in mind that fully quantifying such costs is difficult,” he said.

“While the estimates presented by the report are necessarily high-level and resting on a set of assumptions, they offer important insights into the scale and nature of the issue,” Dr Perez-Alaniz said.

Susan Brady, Managing Director eir Business, said cyber risk is not just about rare, large-scale attacks.

“For most SMEs, it is the cumulative impact of everyday incidents, from phishing emails and ransomware attempts to service disruptions, that drives significant loss of time and productivity,” Ms Brady said.

“That’s why we are launching Cybersecurity Assurance, to help SMEs manage the full spectrum of cyber threats in a practical and sustainable way,” she added.