Irish financial firms see cyber attacks as biggest operational threat

Survey finds large majority of compliance experts believe their company is well prepared to deal with incidents

Marks & Spencer said it would take a £136 million (€154 million) hit to its annual profits due to the April 2025 cyber attack. Photograph: Jonathan Brady/PA

Irish financial services firms believe that cyber attacks or system outages represent the biggest threat to their operations in 2026 in the aftermath of several high-profile incidents in recent times.

However, the vast majority of companies believe they are at least reasonably well prepared to deal with an attack, a Compliance Institute survey of more than 150 experts working in financial services has found.

Survey respondents said that cyber attacks and outages are by far the biggest operational risk their firm faces this year, with some 60 per cent citing them as their top concern.

Regulatory changes are a distant second, with just 14 per cent citing this as their primary concern, followed by supply chain disruptions and staff shortages, each cited by 10 per cent of respondents.

Still, some 70 per cent of compliance experts said they were reasonably confident that their firm has plans to deal with incidents and address operational risk, while 17 per cent said they were very confident.

Michael Kavanagh, chief executive of the Compliance Institute, highlighted recent high-profile incidents involving companies such as Marks & Spencer and Jaguar Land Rover, which he said were “badly disrupted” by cyber attacks.

Last November, Marks & Spencer said it would take a £136 million (€154 million) hit to its annual profits due to the attack, which occurred in April 2025, leaving it unable to sell clothes and furniture online for seven weeks.

“Cyber attacks can have catastrophic consequences not just for those against whom they are perpetrated, but for the wider public,” Kavanagh said.

“We only have to look at the devastation that was caused to patients following the 2021 hacking of the HSE to understand the severity of the crimes.”

He said artificial intelligence tools are increasingly being used by cyber criminals to defraud people.

“Unfortunately, this means that the potential for damage from cyber attacks is rapidly increasing, something that compliance professionals in the financial services sector are acutely aware of,” Kavanagh said.

“So it’s incumbent on us all – consumers, businesses and regulators alike – to keep up to speed on, and to be in a position to withstand, the growing incidence and severity of cyber attacks.”

Separately, a recent survey from Vodafone found that 70 per cent of Irish SMEs were more worried about attacks on mobile devices than they were last year. Yet, more than 40 per cent still said they give full, unrestricted access to company resources on personal handsets – everything from email and apps to company documents.

Ian Curran

Ian Curran is a Business reporter with The Irish Times