Cybersecurity budgets under pressure at small businesses, new research shows

Password hacking and phishing seen among leading threats

Companies are set to cut their cybersecurity budgets by up to half in 2023, despite the risk of cyber attacks, a new survey has found.

The research, which was carried out on behalf of managed IT and cyber security services company Typetec, found the average IT security budgets for small- and medium-sized businesses (SMBs) in 2023 were just under €58,000, almost 50 per cent lower than in 2022, when budgets were around €117,000.

That decline comes despite 79 per cent of SMBs saying they had experienced a cyber attack in the past year, with password hacking, phishing, malware and insider attacks and employee negligence among the most common risks.

Company owners said they feared going out of business as a result of a cyber attack, with the number citing it as a concern rising from 27 per cent in 2022 to 40 per cent in 2023. Other major concerns arising from a cyber attack include significant business downtime, sensitive data being made public or traded on the dark web, reputational damage, and the loss of customers.


Although 32 per cent of businesses said they have not put a disaster recovery plan in place, almost two thirds said they were fully prepared for the cybersecurity threats in 2023, and 29 per cent said they were “somewhat prepared”, thanks in part to increased cybersecurity training for staff.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist