Hiscox Cyber Readiness Report 2025

62% of Irish Businesses See AI Tools as a Major Emerging Cyber Risk

Hiscox Cyber Readiness Report 2025 Revealed

 

  • 62% of businesses see vulnerabilities from third-party AI tools as a major risk over the next five years
  • 40% of Irish businesses suffered a cyber attack in the past 12 months
  • 70% paid a ransom to prevent sensitive data from being published, yet 29% had their data leaked anyway

Frequency and impact of attacks

In total, 40% of Irish businesses surveyed reported suffering at least one cyber attack in the past year. More than a third (36%) of those suffered a distributed denial of service (DDoS) attack, where criminals overwhelm a company’s servers with traffic, forcing systems offline and halting normal operations.

The consequences can be severe. 31% of businesses said a cyber attack had a material impact on their company’s financial health, while 28% reported greater difficulty attracting new customers.

Ransomware payments often fail to deliver

Irish businesses remain heavily targeted by ransomware. Of those who suffered an attack, 70% admitted to paying a ransom in the past 12 months to prevent sensitive data being published. However, the outcomes were often disappointing:

  • Over one-third (35%) still had to rebuild systems despite receiving a recovery key.
  • Nearly three in ten (29%) reported that their data was leaked anyway.

AI: A threat or an opportunity?

Almost two-thirds (62%) of Irish businesses view vulnerabilities from third-party AI tools as a major emerging risk over the next five years. Moreover, 38% reported that they were targeted between 1-10 times in the last 12 months due to vulnerabilities related to AI. 

At the same time, most (66%), see AI as more of an asset than a vulnerability, highlighting both the opportunities and dangers the technology presents. Although companies are beginning to take extra precautions when it comes to AI, with 42% reporting expecting that their company will invest against AI-related security risks by bringing some AI hardware and software development work in-house, and a further 38% saying that they are ensuring that cyber insurances include AI risks. 

Progress but concerns remain

Despite the challenges, over half (56%) of Irish businesses believe their cyber resilience has improved in the past 12 months. One in four companies expect to expand cybersecurity and data-protection investments significantly in the year ahead.

Stephen Donaldson, Head of Underwriting at Hiscox Ireland, commented:

“The Hiscox Cyber Readiness Report 2025 shows that cyber criminals are evolving just as fast as businesses adopt new technologies like AI. While most companies recognise AI’s potential to boost productivity, there’s real concern about the vulnerabilities it brings, especially through third-party tools.

“Ransomware in particular remains a costly and disruptive problem in Ireland. Too many businesses pay up in the hope of a quick recovery, but as the data shows, many still face leaks or system rebuilds even after payment. This underlines the importance of preparation, resilience, and having a clear incident response plan in place before an attack happens.

“Cyber resilience is no longer optional - it’s business critical. From protecting solvency to safeguarding customer trust, companies that invest early and continuously in cyber security will be the ones best placed to weather the next wave of threats.”

The report, now in its ninth year, surveyed 500 companies in Ireland as part of a global study of 5,750 businesses across seven countries. The survey was conducted by Wakefield Research. The research was conducted between 29 July and 8 August 2025. 

Download the full report

An in-depth evaluation: The Maturity Model

The Maturity Model offers insurance brokers a robust review of a company’s cyber risk profile.

It allows company’s and brokers to assess and gauge the firms’ strengths in six key cyber security areas, using an in-depth question set.

The result is a gold standard, value-added service, allowing companies to see where they have gaps in their cyber security operations across three key functions – people, process and technology.

Evaluate my cyber readiness