Irish organisations are putting themselves at risk of a costly cybersecurity attack by failing to implement robust measures to protect themselves, a new report has warned.
PwC’s 2025 Digital Trust Insights Survey found only 28 per cent of companies have put in place what it classes as robust cyber resilience measures, lower than the global average of 33 per cent of companies.
This was despite 74 per cent of Irish organisations saying they prioritised cyber risk mitigation, putting the risks posed ahead of other risks such as inflation and macroeconomic volatility. More than half of those who responded to the survey said it was crucial to maintain consumer trust and brand integrity.
However, while Irish companies appeared to recognise the importance of investing in cybersecurity defences, the report indicated they may not be investing as much as their global counterparts. Only two thirds of companies said they were planning to increase their cyber budget, compared with the global figure of 77 per cent.
The average data breaches costs an estimated €3 million, PwC said, and third-party data breaches are still the top concern for Irish organisations, the second consecutive year that it has topped the list.
“The survey highlights that despite the high cost of cyber breaches, less than one in three Irish organisations have implemented robust cyber resilience actions across their businesses,” said Leonard McAuliffe, cybersecurity partner at PwC Ireland. “At the same time, they state that they are planning to prioritise cyber risk mitigation in the next 12 months, but their planned investment is behind their global peers. Irish companies need to prioritise cyber risk investment even more to safeguard their organisations from cyber attacks.”
The PwC survey questioned more than 4,000 business and tech executives across 71 countries, including Ireland, on how the technology and security landscape is evolving.
This included generative AI, an area in which 78 per cent of global respondents said had seen increased investment in the past 12 months As companies turn to the technology to help with threat detection, threat intelligence and malware and phishing detection. However, it has also increased cyber attack vulnerabilities, PwC noted, and almost 40 per cent of global respondents said they had difficulties integrating generative AI with their existing systems. trust was also an issue, while 38 per cent said there was a lack of adequate internal controls and risk management around the technology, presenting a challenge when trying to implement it.
Irish organisations are also less confident about their ability to comply with new cyber regulations coming down the track, such as the EU Network and Information Security Directive (NIS2), the AI Act (and the Digital Operational Resilience Act (DORA), compared to their global peers.
“It is clear that organisations which invest appropriately in cybersecurity have a competitive advantage compared to those who do not,” said Moira Cronin, Digital Risk Partner, PwC Ireland. “The survey highlights that GenAI is a useful tool for cyber defence especially for threat detection. And while Irish companies have more to do to be compliant with upcoming cyber regulations, there is overwhelming consensus that cyber regulations are also driving investment.”
- Sign up for the Business Today newsletter and get the latest business news and commentary in your inbox every weekday morning
- Opt in to Business push alerts and have the best news, analysis and comment delivered directly to your phone
- Join The Irish Times on WhatsApp and stay up to date
- Our Inside Business podcast is published weekly – Find the latest episode here