Special Reports
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

Cybercrime a major threat to small businesses

With digital crime on the rise, SMEs underestimate the need to invest in cybersecurity at their peril

Cybercrime is the number one threat when it comes to financial crime in Ireland, with fraud and tax evasion taking joint second place.

Hacking, phishing, online scams and other variations of cybercrime are thought to be the most prevalent financial crimes in Ireland, as found in a new survey by the Compliance Institute, which polled 230 compliance professionals working primarily in Irish financial services organisations nationwide.

With more than 3,400 members, Compliance Institute is the professional body for compliance professionals.

“While financial crimes from tax evasion to insider trading could be classed as the ‘traditional’ criminal pursuits, cybercrime is more new-age and is developing and advancing at a pace so fast that organisations and legislators cannot keep up,” says Michael Kavanagh, CEO of the Compliance Institute.


“From the midterm review of the 2019-2024 Cyber Security Strategy launched in the middle of 2023, we learned of the Government’s plans to create a national anti-ransomware organisation and offer cash subsidies to small businesses to help fight cybersecurity threats.

“The timelines for this are unclear but there’s no doubt that the move would be laudable and welcomed with open arms by many businesses that continue to be plagued by ransomware attacks.”

Kavanagh says such attacks can have catastrophic consequences, not just for those against whom they are perpetrated, but for the wider public too.

“We only have to look at the devastation that was caused to patients following the 2021 hacking of the HSE to understand the severity of the crimes,” he adds.

Banking & Payments Federation Ireland (BPFI) stats show fraudsters stole nearly €85 million through frauds and scams in 2022, an increase of 8.8 per cent on the previous year.

“Ireland is now Europe’s largest data-hosting cluster, putting the need for elevated cybercrime and data protection systems into sharp focus,” says Kavanagh.

Cyber-security remains a priority for many Irish businesses, with almost half planning to increase spending on cybersecurity controls, according to a Grant Thornton International Business Report from 2023.

Despite almost half of surveyed businesses recognising the importance of cyber investment, a significant number do not intend to invest, with 11 per cent citing resource constraints, and 18 per cent believing other areas of their businesses need investment instead.

Mike Harris, partner in Forensics and Cyber at Grant Thornton Ireland, says the figures reflect the increased challenges facing Irish businesses with regard to cybersecurity.

“It is encouraging to see that 48 per cent of the businesses surveyed intend on increasing investment over the next 12 months, and that 52 per cent have reported upgrading their controls and testing in the past year,” he says. “However, it is also worrying to see many businesses not planning further investment.

“The risks associated with ransomware attacks are higher than ever, particularly when considering the geopolitical climate. Businesses across the board need to be aware of threats and disruption as well as costs associated with dealing with breaches.

“The recent attack on Munster Technological University reflects the urgent need for businesses to invest in this area, and that no industry is immune from threat.”

Grant Thornton’s cost of cybercrime report in 2022 showed that one in three small-to-medium businesses in Ireland fell victim to cybercrime between May 2021 and April 2022. One in three were also reported to have paid out to cybercriminals, with €22,773 the average payout.