SME Cyber Resilience: Ireland's State of the Sector 2025

This report presents the first national assessment of cyber resilience across Irish small and medium enterprises (SMEs), drawing on data from 894 organisations across 11 sectors collected through the Cyber Resilience for SMEs assessment tool during 2024-2025. Using the Cyber Fundamentals (CyFun) framework, aligned with NIST Cybersecurity Framework v2.0, SMEs were evaluated across six domains: Govern, Identify, Protect, Detect, Respond and Recover. The analysis reveals a critical cyber resilience gap, with 78% of SMEs classified as having low or very low cyber resilience and only 6% achieving high or very high scores.

This report was published by Munster Technological University (MTU) 'Digital Resilience for SMEs' Research Team in collaboration with the Irish National Cyber Security Centre (NCSC). It was funded under the Digital for Resilience National Challenge Fund, established as part of the National Recovery and Resilience Plan (NRRP), and supported by the EU Recovery and Resilience Facility through Taighde Eireann.