The oldest cyber risk is still the biggest risk facing Irish businesses

Guest post by Niall Mackey is Managing Director at Topsec Cloud Solutions, which provides email and cloud security solutions for organisations across Ireland, the UK and North America.

Every year a new technology is expected to change cyber security forever. Artificial intelligence is the latest example. The narrative is familiar. AI will transform cyber crime, overwhelm defences and create an entirely new threat landscape.

Cyber risks to watch for Irish businesses

Yet the reality facing organisations in 2026 is far less dramatic and just as threatening as ever.

If a cyber criminal wants to attack your organisation, they can choose no more lucrative entry point than email. The inbox is where attacks begin, no matter how advanced AI is and continues to become.

In April 2025, The Irish Times released a report that showed “Almost 90 per cent of Irish businesses have suffered some form of financial loss and commercial disruption as a result of a cyberattack in the past five years.”

We complain about our overflowing inboxes, but email sits at the centre of how companies communicate. It’s quick and woven into everyday workflows. That makes it a great communication tool and the equivalent of a candy shop for attackers.

AI is changing tactics rather than the threat itself

Since generative AI tools became widely available, warnings about an AI driven cyber crime surge have dominated headlines. This new tool is being used by malicious actors to craft convincing emails, mimic writing styles and impersonate individuals.

However, for cyber defense companies working to keep their clients safe, the real world detection data suggests a far more complex situation.

Artificial intelligence is not suddenly breaking email security systems.

Instead, it is making it easier for attackers who already understand social engineering to craft more convincing messages.

The technology helps write better phishing emails. But the real driver of success is still human psychology and behaviour. Urgency, authority and trust remain the levers attackers rely on most.

Business Email Compromise continues to cause major losses

One of the clearest examples of this is Business Email Compromise. These attacks remain among the most financially damaging forms of cyber crime worldwide.

And, surprisingly, their success is not the result of sophisticated malware. Instead they exploit trust within normal business communication.

An employee might receive an email that appears to come from a supplier or senior executive with a request that seems entirely logical.

The email often is “just” an email. No suspicious links or files are included. As a result, the email will slip through security filters without raising alarms like any other piece of business communication. From a technical perspective, it looks like a completely legitimate message.

Herein lies an uncomfortable truth. Email security is not only about identifying malicious content. It is about understanding the intent and context behind the communication.

Phishing attacks are becoming more subtle

The stereotype of phishing as mass spam sent to thousands of inboxes is increasingly outdated. Today, many of the most successful attacks are slow, targeted and laser focused on reaching the right target. Cyber criminals have evolved their techniques from the old spray and pray approach.

Attackers gather information from company websites, LinkedIn profiles, social media accounts and media coverage. With this public information available at the fingertips, it’s easy for a cyber criminal to identify a real and senior person in an organisation.

The resulting email may appear routine and may not contain any links or attachments. Instead it relies on familiarity and timing to avoid suspicion.

For Irish organisations where teams often work closely and communication is informal, this type of attack can be particularly effective. A message that references a real project or colleague can easily blend into normal business activity.

Why younger workers are increasingly vulnerable

Although they’re digital natives, younger employees are becoming more vulnerable to phishing attacks.

In Q4 of 2025, Irish Tech News published a report by Accenture stating that 52% of Irish office workers feel confident to identify a phishing attempt. This statistic speaks of a large awareness gap in the modern workplace.

At the same time, younger professionals often manage multiple communication platforms simultaneously. Email, messaging apps, collaboration tools and social media all compete for attention.

This constant flow of information creates cognitive overload. When people are distracted or working under pressure, it only takes a momentary lapse in attention to click a malicious link or respond to a fraudulent request.

The real focus for organisations in 2026

For organisations investing in cyber security, it is tempting to focus on the newest threats and technologies. Artificial intelligence has introduced powerful capabilities on both sides of the cyber security equation.

Protecting organisations from email attacks requires more than technology alone. It requires an understanding of the psychological factors that drive human behaviour and ability to connect the dots. Something human cybersecurity experts are skilled at.

In 2026, the human factor is still both the greatest vulnerability and the strongest defence to keep organisations safe from cyber attacks.

Author bio:
Niall Mackey is Managing Director at Topsec Cloud Solutions, which provides email and cloud security solutions for organisations across Ireland, the UK and North America.

See more breaking stories here.