Irish firms cut cybersecurity budgets despite threats

ThinkBusinessThinkBusiness

Saros research highlights mixed investment patterns, rising use of bug bounties, and gaps in incident readiness.

A significant share of large businesses in Ireland scaled back cybersecurity spending in 2026, even as threat levels remain elevated and digital transformation continues to reshape enterprise risk.

New research from Dublin-based Saros Consulting shows that 25% of large organisations reduced their cybersecurity budgets this year. The study, conducted by Censuswide among 200 IT decision-makers in organisations with more than 250 employees, points to a divided approach to investment across the market.

“Organisations who deprioritise cybersecurity risk exposing not only their systems, but also their customers, their reputation and their long-term resilience”

While a quarter cut spending, half of respondents reported increases in their cybersecurity budgets, reflecting differing strategic priorities among IT leaders. The findings suggest that investment decisions are being shaped as much by internal constraints and legacy infrastructure demands as by external risk factors.

New tactics in fight against cybercrime

The survey indicates that more organisations are exploring proactive approaches to cybersecurity. Around 30% of businesses said they would consider paying security experts to uncover vulnerabilities through bounty programmes. This practice is already established in some organisations, with 27% confirming they have paid such bounties.

These initiatives are gaining traction as companies look to strengthen defensive capabilities beyond traditional tools. Even so, confidence in detecting cyber threats remains measured. Only half of respondents believe their organisation can identify attackers before any damage occurs.

Preparedness at an operational level also varies. Just over half of large organisations have a formal incident response plan in place. Among those that do, consistent testing is not universal, with 54% reporting they test these plans at least once a year.

Infrastructure challenges are playing a central role in shaping both risk exposure and spending patterns. More than half of IT leaders said legacy systems are contributing to increased cybersecurity risk within their organisations. These systems, often critical to operations, can be difficult to secure and integrate with newer technologies.

Budget allocation data reflects this ongoing tension. On average, 28% of IT budgets is directed towards mandatory system upgrades. At the same time, approximately 30% is spent maintaining systems that leadership teams recognise should be replaced, pointing to structural inefficiencies that can constrain more strategic investment.

Informed investment decisions

Ray Armstrong, co-founder and co-CEO of Saros Consulting, said organisations need to view cybersecurity as integral to overall business strategy.

“Cybersecurity underpins every aspect of modern IT strategy, from digital transformation to regulatory compliance,” Armstrong said. “Organisations who deprioritise it risk exposing not only their systems, but also their customers, their reputation and their long-term resilience.”

He added that the most effective organisations are those embedding cybersecurity into governance structures rather than treating it as a standalone function.

“It is not simply about spend, but about making the right, informed investments that reduce risk and support sustainable growth,” he said.

Justin van der Spuy, co-founder and co-CEO of Saros Consulting, said the findings point to a gap between threat levels and some investment decisions being made in large enterprises.

“In complex environments, even small gaps in cybersecurity can have significant consequences,” he said. “Cybersecurity can no longer be viewed as a secondary business priority.”

Van der Spuy emphasised the importance of long-term planning and access to expertise, particularly as regulatory expectations continue to evolve.

“Businesses must ensure they are supported by experienced partners who can help them navigate evolving threats and increasing regulatory complexity,” he said. “Organisations that recognise the growing scale of cyber risk, and continue to invest accordingly, will be far better positioned to protect their operations and long-term investments.”

The research reflects a broader moment of recalibration for enterprise IT leaders, as competing demands for digital investment, operational efficiency, and security resilience continue to shape decision-making across Ireland’s largest businesses.

Image at top: Justin van der Spuy and Ray Armstrong, co-founders and co-CEOs of Saros Consulting

  • Bank of Ireland is welcoming new customers every day – funding investments, working capital and expansions across multiple sectors. To learn more, click here

  • For support in challenging times, click here

  • Listen to the ThinkBusiness Podcast for business insights and inspiration. Latest episodes are here. You can also listen to the Podcast on:

  • Spotify

  • SoundCloud

  • Apple

Previous Post
Next article
ThinkBusiness
ThinkBusiness
ThinkBusiness.ie, powered by Bank of Ireland, has been created for Irish business owners and managers who are seeking information, resources and help on a range of business topics. It provides practical, actionable information and guidance on starting, growing and running a business.

Recommended