Majority of Irish businesses lack sufficient awareness of cyber security measures, survey finds

Only 20 per cent of sector said they were “very aware” of the measures needed

The majority of Irish businesses lack sufficient awareness of the specific measures or tools needed to protect their data and digital assets, a new survey has found.

The results of the survey, which was carried out by iReach Insights for Google, come despite a number of high profile cyber attacks against Irish businesses and organisations.

Only 20 per cent of Irish businesses said they were “very aware” of the measures needed, while less than two thirds described themselves as knowing “a little but not much”. This was despite more than three quarters of small and medium sized businesses saying that having a secure online presence is necessary, and 42 per cent naming it as a priority.

The research found less than half required staff to change passwords regularly, or undertake periodic security awareness training. Just over a half of SMEs regularly backup data and ensure software is updated, while only 53 per cent use two step authentication for accessing devices. Only 28 per cent said they have a response plan in case they are hit by a cyberattack.


Some 38 per cent of SMEs manage cybersecurity in-house, and have the highest levels of satisfaction at 70 per cent. A quarter outsource it and more than third have a mix of both, with the latter showing the lowest level of satisfaction at 53 per cent.

“In recent years trading online has become crucial for many businesses and it has also opened doors to new markets internationally,” said Carol Gibbons, head of regions and Local Enterprise, Enterprise Ireland. “This brings opportunity but also significant exposure for businesses to threats such as cybercrime. This new element of the initiative is the perfect first step for businesses to enhance their cybersecurity protocols.”

The research was published to coincide with a new cyber security module for Google’s You’re the Business training scheme, an initative that was launched in July last year by Google, Enterprise Ireland and the Local Enterprise Offices to help increase skills at small businesses and help them grow through digitalisation.

Is mortgage interest relief a really bad idea?

Listen | 44:39

Marie Davis, head of SME retail for Google in the UK and Ireland said the new online training module would help protect SMEs from the growing threat of cyberattack.

Among the high profile victims of recent attacks are the HSE, which was hit by a ransomware attack in May 2021, as was engineering company Jones Engineering. Earlier this month, Aer Lingus was among one of the global companies caught up in a cyberattack that compromised employee personal information, through human resources and payroll support services provider Zellis.

In February, Munster Technological University was a victim of BlackCat, a sophisticated ransomware gang. Most recently, hairdresser chain Peter Mark last week said internal human resources data had been “compromised” in an attack.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist