“For many Irish organisations hit by a cyber attack, the pressure on staff can be immense. IT teams and operational employees are often the first to feel the strain, working long hours under extreme stress to contain and resolve the crisis. 

"Senior management may be locked in emergency meetings with the board, legal teams, and the Data Protection Commission late into the night, leaving little time for rest.” 

This level of intensity can have a lasting effect on mental health, he added, contributing to burnout, anxiety, and sleep deprivation. 

Even after systems are restored, businesses frequently see higher staff turnover, a drop in morale, and lingering uncertainty over job stability.

Four in 10 Irish businesses have suffered at least one cyber attack over the past five years, according to research from insurance broker and risk management company Gallagher in Ireland. More than one in eight Irish businesses suffered financial loss and commercial disruption in the same period. 

The research included 300 business decision-makers across the UK and Ireland, a third of which are based in Ireland. Those businesses which experienced such attacks reported additional consequences as a result including: the loss of intellectual property (26%); supply chain disruption (23%); reputational damage (23%); and ransom payment demands (20%). 

“Given what we can see from the widespread impact of cybercrime, it is unsurprising that almost every Irish business leader we asked said they are concerned about the rise in cybercrime and the potential impact it could have on their company”, said Laura Vickers, director of Gallagher in Ireland. 

The three main forms of corporate cybercrime are: 

• Cyber extortion, whereby cyber criminals threaten to harm a business or steal sensitive information unless a sum of money is paid; 
• Phishing attacks, where individuals are tricked into following a malicious link or downloading an infected email attachment; 
• ‘Man-in-the-Middle  attacks, where communication between two legitimate businesses is altered from outside without their knowledge.

The research revealed large businesses with annual turnover exceeding €10m have been particularly vulnerable, followed by mid-sized companies also admitting substantial exposure.

“While it is encouraging to see businesses investing in cyber insurance and risk management, security measures must go beyond just financial protection,” said Ms Vickers. 

Many businesses are still vulnerable due to gaps in employee training, system monitoring, and access controls. Cyber threats are evolving rapidly, and companies that fail to strengthen their security posture risk serious financial and reputational damage.

Equally concerning is the lack of awareness around reporting obligations, she added, with failure to report an attack possibly leading to significant fines, compounding the financial losses from a breach. 

Businesses need to take a proactive approach, not just in purchasing insurance, but in implementing robust cybersecurity practices and ensuring compliance with legal requirements. 

“Our research suggests that there is a mismatch between how well protected businesses in Ireland believe they are against cyber attacks, and the steps they have taken to manage such threats.” Ms Vickers said. 

“Regularly updating software is a very basic step but it is crucial for cybersecurity, as updates often include security patches that address vulnerabilities and this in turn could potentially prevent cyber attacks and data breaches. Yet our survey shows that only 43% of Irish businesses do this.”