One in four Irish firms cut cyber budgets, survey finds

Saros Consulting reported that one in four large organisations in Ireland reduced their cybersecurity budgets this year, according to a survey of 200 IT decision-makers at organisations with more than 250 employees.

The findings show a divided approach to funding cyber defences. While 25% said budgets fell, half reported higher spending and the rest said budgets stayed the same.

Preparedness was similarly mixed. Only 50% of respondents said they were confident they could detect attackers before any damage was done, while 51% said their organisation had an incident response plan.

Among those with a response plan, testing was far from universal. Just 54% said they test it at least once a year.

Budget split

The data suggests many organisations are balancing new cyber spending against the burden of older technology estates. More than half, 55%, said legacy systems were increasing cybersecurity risk.

That pressure is also reflected in broader IT budgets. Respondents said 28% of IT spending goes on mandatory system upgrades, while 30% is used to maintain systems that leadership already believes should be replaced.

The survey also found that some large organisations are turning to external security researchers to identify flaws. Three in 10 said they would be willing to pay bounties to experts who expose vulnerabilities, and 27% said they had already done so.

The figures point to a more proactive approach to testing, even as confidence in detection and response remains limited. Some businesses appear to be adding targeted measures while still struggling with basic readiness.

Ray Armstrong, Co-founder and Co-chief Executive Officer at Saros Consulting, said: "Reducing cybersecurity budgets at a time of increasing threat complexity is a high-risk strategy for large enterprises. Cybersecurity underpins every aspect of modern IT strategy, from digital transformation to regulatory compliance. Organisations that deprioritise it risk exposing not only their systems, but also their customers, their reputation and their long-term resilience."

"At Saros, we see first-hand that the most effective organisations take a governance-led approach, embedding cybersecurity into the fabric of their IT strategy. It is not simply about spend, but about making the right, informed investments that reduce risk and support sustainable growth."

Readiness gaps

The findings underline the challenge facing IT leaders as cyber risk rises while budgets remain under pressure. For some organisations, investment appears to be increasing in response to threats. Others are cutting back or standing still despite concerns about ageing systems and uneven incident planning.

The sample covered IT decision-makers in the Republic of Ireland at organisations with at least 250 employees. Saros, which is based in Dublin, said Censuswide conducted the research.

Justin van der Spuy, Co-founder and Co-chief Executive Officer at Saros Consulting, said: "There is a clear disconnect between the scale of today's cyber threats and the decision by some large organisations to reduce investment in this area. In complex environments, even small gaps in cybersecurity can have significant consequences. Cybersecurity can no longer be viewed as a secondary business priority."

"What is needed now is strategic clarity and a long-term approach to resilience. Businesses must ensure they are supported by experienced partners who can help them navigate evolving threats and increasing regulatory complexity. Organisations that recognise the growing scale of cyber risk, and continue to invest accordingly, will be far better positioned to protect their operations and long-term investments."