Saros Consulting, an independent IT consultancy with headquarters in Dublin, today announces the results of new research which reveals that a quarter of large businesses in Ireland reduced their cybersecurity budgets this year.
The research was carried out by Censuswide on behalf of Saros and surveyed 200 IT decision-makers in organisations in Ireland with 250+ employees, exploring their attitudes and experiences with cybersecurity.
The survey shows a split in approach to cybersecurity. While half of organisations are either decreasing their cybersecurity budgets or keeping them the same, the other half of IT leaders said that their cybersecurity budget increased this year. With increased investment comes new approaches to proactive security, and three in 10 are willing to pay bounties to experts who can expose vulnerabilities. This is already happening in practice, as over a quarter (27%) have already done this.
However, despite this growing focus on proactive security measures, confidence in overall preparedness remains mixed. Only half are confident they can detect attackers before any damage is done. This is reflected in preparedness levels, with just over 51% saying they have an incident response plan. Even where plans exist, follow-through is mixed, as only 54% say they test their incident response plan once or more per year.
Infrastructure is also proving to be a challenge among IT leaders, with 55% saying legacy systems are increasing their organisation’s cybersecurity risk. This is reflected in spending, with large enterprises in Ireland dedicating 28% of their IT budgets on mandatory system upgrades. At the same time, inefficiencies remain, as 30% of budgets are dedicated to maintaining systems that leadership acknowledges should be replaced.
Ray Armstrong, co-founder and co-CEO of Saros Consulting, said: “Reducing cybersecurity budgets at a time of increasing threat complexity is a high-risk strategy for large enterprises. Cybersecurity underpins every aspect of modern IT strategy, from digital transformation to regulatory compliance. Organisations who deprioritise it risk exposing not only their systems, but also their customers, their reputation and their long-term resilience.
“At Saros, we see first-hand that the most effective organisations take a governance-led approach, embedding cybersecurity into the fabric of their IT strategy. It is not simply about spend, but about making the right, informed investments that reduce risk and support sustainable growth.”
Justin van der Spuy, co-founder and co-CEO of Saros Consulting, said: “There is a clear disconnect between the scale of today’s cyber threats and the decision by some large organisations to reduce investment in this area. In complex environments, even small gaps in cybersecurity can have significant consequences. Cybersecurity can no longer be viewed as a secondary business priority.
“What is needed now is strategic clarity and a long-term approach to resilience. Businesses must ensure they are supported by experienced partners who can help them navigate evolving threats and increasing regulatory complexity. Organisations that recognise the growing scale of cyber risk, and continue to invest accordingly, will be far better positioned to protect their operations and long-term investments.”