When a Sligo construction firm received what looked like an updated bank account notification from a long-standing subcontractor in early 2025, the accounts team processed a payment of €22,000 to the new details without a second call. The subcontractor's email had been compromised three weeks earlier. The money was unrecoverable. The firm had no cyber insurance. An Garda Síochána's National Cyber Crime Bureau logged the report, but with the funds already overseas, recovery options were limited. The attack used a technique that is now common, well-documented, and entirely preventable with the right controls in place.
Irish SMEs are not smaller targets for cybercriminals — they are preferred targets. Fewer dedicated security staff, legacy IT systems, and a widespread belief that "we are too small to be worth attacking" create exactly the conditions that attackers look for. NCSC Ireland recorded a significant increase in incidents affecting Irish businesses in 2024 and 2025, with SMEs disproportionately represented.[^1] Here are the five threats that account for the vast majority of those incidents.
Threat 1: Ransomware
Ransomware has evolved from indiscriminate spray-and-pray campaigns into targeted operations designed to maximise financial damage. In 2026, attackers first spend time inside a target network before encrypting anything — mapping file servers, locating backups, and often exfiltrating data to use as additional leverage. The "double extortion" model means you face both the ransom demand and the threat of your customer data being published publicly.
For Irish SMEs, the most common ransomware entry points are phishing emails that deliver malware, and exposed Remote Desktop Protocol (RDP) connections with weak or no MFA. The defences are well understood: offline and offsite backups that are tested regularly, MFA on all remote access, and modern endpoint protection that can detect malicious behaviour rather than just known malware signatures.
Threat 2: Phishing and Business Email Compromise
Phishing is the entry point for the majority of other attacks. Your email is your largest attack surface, and every employee who reads email is a potential target. In 2026, AI tools allow attackers to craft phishing emails that are grammatically perfect, contextually relevant, and personalised using information scraped from LinkedIn and your company website. The era of catching phishing by spotting bad grammar is over.
Business Email Compromise (BEC) — where an attacker either compromises a real business email account or convincingly impersonates one — is the specific form most damaging to Irish SMEs in financial terms. The Sligo case above is representative. The defences are email authentication (SPF, DKIM, DMARC), MFA on all email accounts, and a verified callback procedure for any payment instruction that arrives by email alone.
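A quick way to check the email authentication controls listed above is to read the domain's published SPF and DMARC TXT records and flag settings that leave spoofed mail deliverable. The following is an added example, not code from this article's author; the domains and records are constructed samples and the function names are illustrative.

```python
# Added example: audit SPF/DMARC TXT records; every record below is a constructed sample.
def parse_dmarc(record):
    """Split 'v=DMARC1; p=none; ...' into a {tag: value} dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_dmarc(record):
    if not record:
        return ["no DMARC record: receivers get no policy for spoofed mail"]
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a valid DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: failures are still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports to spot abuse")
    return findings

def audit_spf(record):
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["no SPF record: any server can claim to send for the domain"]
    all_terms = [t.lower() for t in terms if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.lower().startswith("redirect=") for t in terms):
            return []  # policy is delegated; audit the redirect target instead
        return ["no 'all' mechanism: unlisted senders get a neutral result"]
    # Evaluation stops at the first 'all'; a bare 'all' means '+all'.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    weak = {"+": "+all: every server on the internet is authorised",
            "?": "?all: unlisted senders are neither passed nor failed",
            "~": "~all: softfail only; relies on DMARC enforcement to block"}
    return [weak[qualifier]] if qualifier in weak else []

SAMPLES = {  # constructed (SPF, DMARC) records for two hypothetical domains
    "weak.example": ("v=spf1 include:_spf.mailhost.example ~all",
                     "v=DMARC1; p=none"),
    "strict.example": ("v=spf1 include:_spf.mailhost.example -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
}

def audit_all(samples=SAMPLES):
    return {d: audit_spf(s) + audit_dmarc(m) for d, (s, m) in samples.items()}

if __name__ == "__main__":
    print(audit_all())
```

A clean result covers spoofing of your domain only. Mail sent from a genuinely compromised mailbox, as in the Sligo case, passes SPF, DKIM and DMARC, which is why the callback procedure is a separate control.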
Threat 3: Supply Chain Attacks
Your cybersecurity posture is only as strong as your weakest supplier. Supply chain attacks exploit the trusted relationships between businesses — an attacker compromises a software provider, IT support firm, or payroll processor, then uses that foothold to reach every one of their clients. The SolarWinds attack demonstrated this at scale globally; the same technique applies to smaller ecosystems involving Irish SMEs and their local IT providers.
NIS2 places specific obligations on Irish businesses to manage third-party risk, and the Data Protection Commission expects businesses to conduct due diligence on processors handling personal data on their behalf.[^3] At minimum, ask your critical suppliers about their security certifications, MFA policies, and breach notification procedures. Your contracts should include security obligations, not just data processing terms.
Threat 4: Cloud Misconfiguration
Most Irish SMEs now rely heavily on cloud services — Microsoft 365, Google Workspace, cloud accounting, CRM systems. The shift has brought enormous productivity benefits and a new attack surface that many businesses do not fully understand. Cloud misconfiguration — storage accessible without authentication, overly permissive user access, default settings left unchanged — is a leading cause of data breaches globally and increasingly in Irish businesses too.
The defences are practical. Conduct a quarterly review of who has access to what in your cloud environment, with particular attention to administrator accounts. Ensure no storage or file shares are publicly accessible. Enable audit logging so that unusual access patterns can be detected. Your IT provider or a vCISO can run a cloud security review in a day and identify the most critical misconfigurations.
Threat 5: Insider Threats
Insider threats are less discussed but consistently present. They take two forms: the malicious insider who intentionally steals or sabotages data, and the negligent insider who creates a breach through carelessness — clicking a phishing link, misconfiguring a share, or sending sensitive data to the wrong recipient. The second category is far more common and requires training and process rather than suspicion.
Access controls are the primary defence: staff should only have access to the systems and data they need for their specific role. When someone leaves the business, their access should be revoked the same day. An Garda Síochána notes that insider incidents are often not reported by affected businesses, which means the true scale is likely larger than recorded figures suggest.[^2]
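The access review described here and in the cloud section can be run as a simple cross-check of an account export against the HR leaver list. The following is an added example, not code from this article's author; the CSV columns, the accounts and the 90-day dormancy threshold are assumptions made for illustration.

```python
# Added example: access review over a constructed account export.
import csv
import io
from datetime import date

# Constructed sample data; column names are hypothetical, not a vendor format.
ACCOUNTS_CSV = """user,role,mfa_enabled,enabled,last_sign_in
aoife@firm.example,admin,true,true,2026-03-02
brian@firm.example,user,false,true,2026-03-01
ciara@firm.example,user,true,true,2026-02-20
old-admin@firm.example,admin,false,true,2025-09-14
dara@firm.example,user,false,false,2025-11-30
"""
LEAVERS = {"ciara@firm.example": date(2026, 2, 13)}  # HR leaving dates

def review(accounts_csv, leavers, today, dormant_days=90):
    """Return (user, finding) pairs for every enabled account with a gap."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["enabled"] != "true":
            continue  # disabled accounts cannot sign in
        user, is_admin = row["user"], row["role"] == "admin"
        last = date.fromisoformat(row["last_sign_in"])
        left = leavers.get(user)
        if left is not None and today > left:
            findings.append((user, "leaver account still enabled"))
            if last > left:
                findings.append((user, "signed in after leaving date"))
        if row["mfa_enabled"] != "true":
            findings.append((user, "admin without MFA" if is_admin else "no MFA"))
        if is_admin and (today - last).days > dormant_days:
            findings.append((user, "dormant admin account"))
    return findings

if __name__ == "__main__":
    for user, finding in review(ACCOUNTS_CSV, LEAVERS, date(2026, 3, 3)):
        print(f"{user}: {finding}")
```

A sign-in after the leaving date is worth treating as an incident to investigate, not just a clean-up task, since it shows the account was used after access should have ended.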
The Pattern Across All Five
What these five threats have in common is that they all exploit the same basic gaps: lack of MFA, inadequate staff training, unpatched systems, weak access controls, and no tested incident response plan. Addressing those foundations does not eliminate risk, but it removes the low-effort entry points that the majority of attacks rely on.
Most Irish SME cyber incidents in 2026 exploit gaps that have been understood — and fixable — for years.
What to Do Next
Prioritise three actions this quarter. First, audit your MFA coverage across all email and cloud accounts and close any gaps. Second, review your backup testing schedule and run a restore if you have not done so in the last 90 days. Third, brief your accounts team on the BEC payment verification procedure — a simple phone callback rule that stops the most financially damaging attack category in its tracks.
[^1]: NCSC Ireland — Advice for Organisations: https://www.ncsc.gov.ie/advice-for-organisations/
[^2]: An Garda Síochána — Cyber Crime: https://www.garda.ie/en/crime/cyber-crime/
[^3]: Data Protection Commission: https://www.dataprotection.ie
Pragmatic Security — Cybersecurity advisory for Irish businesses. Based in Donegal, Ireland. CISA, CISSP, CISM certified advisors.