Many businesses still see cybersecurity as a cost rather than a competitive edge. Such thinking is outdated and increasingly risky, says Paul Browne, product manager for AI, cyber and digital operations at Enterprise Ireland. A growing number of buyers, especially those governed by EU regulations, now require full NIS2 compliance or evidence of strong cyber practices from their suppliers.
“A focus on cyber now will give you the edge over your competition,” says Browne. “Since most businesspeople already know they need to work on their cybersecurity, this change of focus moves cyber from the ‘do it someday’ to ‘do it now’ column.”
The first practical step is to know where your critical business data is stored, and where it is backed up.
“Imagine you had a flood that wiped out every laptop and mobile in your business. Would you be able to recover? A ransomware attack is similar, and having your data backed up is your only guarantee of being able to get it back.”
He also stresses the need to run the latest software on all devices, including phones, laptops, routers, projectors and industrial controllers. “All have been attack entry-points in the past. Incredibly, we still see companies operating under Windows XP, which is now more than 11 years end-of-life.”

The belief that small companies are too minor to be targets is also out of date. “A new wave of AI tools means it is profitable for criminals to target smaller Irish businesses, attacking many targets in one go,” he says.
This view is echoed by Yevheniia Broshevan, co-founder and chief executive of cybersecurity firm Hacken. “No target is too small,” she says. “SMEs are increasingly exploited as entry points to much larger organisations – a classic sprat to catch the mackerel.”
She warns that companies with weak defences face a double threat: cyber breach, and the potential loss of key supply chain contracts due to poor cyber hygiene. Her advice is simple and immediate.
“No-cost first step: enable multifactor authentication across all critical systems, email, VPNs, privileged access. It immediately strengthens security, cutting the risk of phishing and credential stuffing.”
Broshevan advises SMEs to undertake vulnerability assessments using frameworks such as NIST CSF, CIS Controls or Cyber Essentials. “Short, expert-led audits or modular bug bounty engagements offered by cybersecurity firms can quickly surface misconfigurations.”

For SMEs with limited budgets, Broshevan recommends open source security tools, phishing simulations and staff awareness training, supported by regular quarterly or biannual audits. These simple steps can make a measurable difference in cyber resilience.
The most common vulnerabilities, she says, are familiar and preventable: weak or shared passwords without multi-factor authentication, unsegmented network access, unpatched systems, no encrypted offline backups, minimal logging and untrained staff unable to spot phishing emails.
“Cybersecurity is no longer just a technical safeguard, it’s a core business function,” she says. “Robust cyber-readiness is not optional. It’s the price of entry to global supply chains.”
Support for Irish businesses is available. Browne points to several resources developed by Enterprise Ireland in collaboration with the National Cyber Security Centre and MTU. The self-check toolkit at cyberresilience.ie allows SMEs to assess their own cyber posture and avoid the most obvious mistakes. For those ready to take the next step, Enterprise Ireland’s Cyber Security Review Grant provides 80 per cent funding for a consultant-led review.
“There are useful templates to bring to your next management team meeting,” says Browne. Even companies that don’t apply for the grant can use these resources to begin improving their cyber defences.
Training remains the most persistent gap. “Lack of training, both in identifying and supporting a cyber security lead, but also [a lack of] an awareness by all staff of basic cyber hygiene, is a major risk,” he warns. Skillnet Ireland offers a number of subsidised courses in this area.
Finally, Browne advises every business to develop a recovery plan. “Unfortunately, things will go wrong even with the best precautions,” he says. Cyber Ireland, the national cluster supported by Enterprise Ireland, can guide companies through the process of writing one.
It is clear that cyber resilience is now a baseline requirement for doing business. Those who act today may not only avoid disaster but gain a significant edge over slower-moving competitors.