The Hidden Cost of Cyber Risk report, found that often the challenges being faced by companies are as a result of everyday cyber disruption, rather than large scale isolated issues.

The eir business Hidden Cost of Cyber Risk report, which is supported by Microsoft and the Kemmy Business School of the University of Limerick, has found that on average cyber attacks are costing Irish small and medium-sized enterprises (SMEs) up to €3.4bn annually. 

However, the greatest impact is not from large-scale, one-off breaches, but rather frequent, day-to-day cybersecurity-related disruptions, that are in turn, driving losses for many Irish companies. 

Reportedly, SMEs lose more than 7.2m working days every year due to cyber incidents, with affected businesses experiencing multiple incidents annually. For individual firms, this equates to nearly three working weeks lost annually. 

Susan Brady, the managing director at eir business, said: “This report shows that cyber risk is not just about rare, large-scale attacks. 

“For most SMEs, it is the cumulative impact of everyday incidents, from phishing emails and ransomware attempts to service disruptions, that drives significant loss of time and productivity. These risks affect not just individual businesses, but supply chains, customers and the wider business ecosystem.

Challenges big and small

The report noted that, while single events can have significant financial implications, research suggests that the cumulative effect of repeated disruption, downtime, lost productivity and operational interruption creates the greatest economic cost per SME annually. The report also found that “much of this impact is avoidable”, for organisations exhibiting higher ‘cyber preparedness’.   

The report stated that the companies with more cyber preparedness tend to experience fewer incidents, lower overall losses and significantly less disruption. Moreover, the organisations with higher levels of preparedness can reduce annual downtime from more than 30 days to around five days, while structured data management significantly lowers the likelihood of experiencing an attack.

Commenting on the report, the Minister of State at the Department of Enterprise, Tourism and Employment Alan Dillon, TD said, “Small and medium-sized enterprises are central to the Irish economy and ensuring they are resilient in an increasingly digital environment is critical. 

“This research highlights the real and growing impact that cyber risk is having on businesses across the country, not just in financial terms, but in disrupted operations and lost productivity. However, with the right support, guidance and focus on practical measures, businesses can strengthen their resilience and reduce their exposure. “

Dr Mauricio Perez-Alaniz, an assistant prof in the Department of Economics, for the Kemmy Business School welcomed the attention to the issue. He said, “While SMEs are increasingly being reminded about the potential productivity and sustainability gains that can arise from the adoption of digital technologies, the issue of cyber risk, and the associated costs of cyberattacks, require more attention.

“This report seeks to do just that. It provides an intuitive approach to quantify the costs of cyber-attacks in terms of direct economic costs, and more importantly, potential costs associated with downtime. It is important to keep in mind that fully quantifying such costs is difficult. While the estimates presented by the report are necessarily high-level and resting on a set of assumptions, they offer important insights into the scale and nature of the issue.”

In early June, ESET published a similar report, the SMB Cyber Readiness Index 2026, which also indicated that some organisations are neglecting to pay attention to everyday threats, amid a sharper focus on large-scale, one-off cyber incidents. The report found that businesses are risking harm and loss of profits by allowing threats perceived to be smaller, to ‘pass through’.

Previously commenting on the report, Michal Jankech, the vice-president of enterprise, SMB and MSP at ESET, said: “While 78pc of SMBs recognise cybersecurity’s strategic importance, inconsistent understanding of key threats, technology and terminology, including MDR and security posture, suggests there is still room for improvement. Any improvement will have to start with a reality check. 

“We’ve found SMBs’ concerns are often shaped by headlines on emerging threats like AI-driven attacks, while more routine risks, phishing, unpatched vulnerabilities and lack of monitoring, are underestimated. This hints that many respondents misperceive their security posture and resilience.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Integrity360’s Richard Ford discusses the unease caused by Anthropic’s advanced cybersecurity AI model, and how cyber teams can prepare for such technology.

In the time since Anthropic first revealed Claude Mythos in April, discourse around the cybersecurity AI model has been unceasing.

Anthropic’s claims that Mythos has seemingly advanced capabilities in finding and exploiting software security vulnerabilities caused a frenzy in public and private sectors around the world – including in Ireland.

“The issue is not that Anthropic has created this. The issue is that Anthropic has demonstrated that this is possible,” said Richard Browne, director of the National Cyber Security Centre, when speaking to the Oireachtas Joint Committee on Artificial Intelligence shortly after the Mythos reveal.

Mythos has not been released to the general public yet, though Anthropic had been granting access to a pool of companies, banks and authorities – that is, before a recent US government order resulted in the company disabling the model for all of its users.

But while institutions and governments panic over the capabilities of this new AI model, Integrity360 CTO Richard Ford says Mythos should be approached with “measured scrutiny rather than hype”.

“Based on the information available so far, the model appears capable as an autonomous attack tool, but there is no clear evidence that it materially outperforms existing large language models in this area,” he tells SiliconRepublic.com.

“The more important point is how it could be used. In the hands of threat actors, Mythos does not need to be revolutionary to be dangerous.

“It would still be highly effective when targeting organisations with weak security postures, particularly those lacking strong access controls, patching discipline and visibility across their environments.”

Hype and disruption

Ford says that much of what is driving both the hype and the concern around Mythos comes from self-reported results, with limited independent validation.

This makes it difficult to separate genuine technical advancement from narrative, he says.

“There is a legitimate question around whether the capabilities are being overstated or simply presented without enough context.

“Early claims of large-scale vulnerability discovery sound significant, but without external benchmarking or reproducibility, it is hard to assess how meaningful those findings are in practice.”

Ford adds that in the light of Anthropic’s previous difficulties with the US government, sceptics could reasonably question whether the Mythos announcement was “partly about shaping perception as much as demonstrating capability”.

But what if the purported sophistication of Mythos is as significant as Anthropic claims?

“If the claims hold true, there is a clear view that models like Mythos could begin to disrupt areas such as bug bounty programmes and the wider ethical hacking market,” says Ford. “The concern is not that human researchers become obsolete overnight, but that AI can significantly accelerate vulnerability discovery, shifting the balance in terms of speed, scale and cost.

“We are already seeing early indicators of this trend. AI-driven platforms are performing strongly in competitive CTF environments, where rapid analysis, pattern recognition and automation provide a clear advantage.

“That raises questions about how traditional bug bounty ecosystems evolve, especially if AI can identify issues faster than human researchers or commoditise parts of the process.”

How can organisations prepare?

Though Mythos has not been fully released to the public yet – and is currently disabled as of last week – Ford has some advice for cybersecurity teams regarding the eventual widespread availability of AI models such as Mythos.

“Cybersecurity teams should treat models like Mythos as an acceleration of existing threats rather than something entirely new,” he says. “The priority is getting the fundamentals right, because AI will exploit weaknesses faster, not differently.

“Strong identity controls, consistent patching and full visibility of assets remain critical. Organisations that lack these basics will be the easiest targets for AI-assisted attacks. In short, the better your fundamentals, the more resilient you will be as AI-driven threats become mainstream.”

Ford says organisations should avoid reacting to Mythos with panic, but should also take its implications seriously.

“The direction of travel is clear: AI is becoming embedded in both attack and defence,” he says.

He believes any organisation that is not building an AI-driven cyber defence will fall behind and “move directly into the crosshairs of attackers”.

“That does not mean chasing hype, but it does mean investing in capabilities that improve speed, scale and decision-making across detection and response,” he explains.

“At the same time, this only works if the fundamentals are in place. The organisations that will succeed will be those that combine solid core controls with intelligent automation, allowing them to keep pace as the threat landscape continues to accelerate.”

The reveal of Mythos has undoubtedly rocked the boat in relation to AI and its place in cybersecurity.

But while many worry about the impact of Mythos’s capacity for cyber exploitation, Ford believes the most significant long-term effect of such AI technology will be “a structural shift” in how quickly and cheaply cyberattacks can be executed – rather than a single breakthrough capability.

“If models like Mythos mature as suggested, they will compress the time between identifying an exposure and exploiting it,” he says. “Tasks that once required skilled researchers and time investment, such as reconnaissance, vulnerability discovery, and initial exploitation, will become increasingly automated and scalable.

“That changes the economics of cyberattacks, allowing threat actors to operate at higher volume and with greater efficiency. All of this depends of course on whether Mythos is indeed just hype or the real deal.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Netgear Orbi 970 (2-Pack) for $1,300: There’s no denying that the tri-band Wi-Fi 7 Netgear Orbi 970 is an impressive quad-band mesh. This mesh system is incredibly fast, reliable, and provides expansive coverage with plenty of high-speed Ethernet ports. However, the astronomical price makes it hard to recommend. You can get similar performance for less, and full parental controls now require a separate subscription from the security software. Ultimately, this system is only worth considering if you have a large home, a multi-gig connection, and a generous budget.

More Wi-Fi 6 or 6E Mesh Systems I Liked

TP-Link Deco XE70 Pro

Photograph: Simon Hill

TP-Link Deco XE70 Pro (3-Pack) for $250: Support for Wi-Fi 6E, which operates on the 6-GHz band, is common, but with Wi-Fi 7 rolling out, 6E routers and mesh systems like this are falling in price. A two-pack of this tri-band mesh system is relatively affordable and enough to cover most homes, making this perhaps the best Wi-Fi 6E mesh for most people. I also tested the XE75 ($270 for a three-pack), which is almost identical, but has three Gigabit ports and no multi-Gig. There is also the XE75 Pro ($400 for a three-pack), which features the 2.5-Gbps port and theoretically offers slightly more bandwidth but is far more expensive. Since TP-Link frequently discounts its products, the standard model is the best choice for most people—though multi-gig users should opt for the Pro.

TP-Link Deco X50 Outdoor for $150: This was our previous outdoor pick, and it’s still a good dual-band Wi-Fi 6 router that will form a mesh with any Deco system (I tested with the Deco X50 4G). It’s a solid performer, but with the Wi-Fi 7 BE25 Outdoor coming in around the same price, I’d pick that instead.

TP-Link Deco X55 (3-Pack) for $150: This affordable Wi-Fi 6 mesh delivers decent coverage and performance, with optional parental controls and antivirus protection, making it ideal for a modest family home. This is a dual-band system (2.4 GHz and 5 GHz). There are two gigabit Ethernet ports on each router. Coverage and speeds are solid, falling short of the Asus XT8 but beating systems like the entry-level Eero 6.

Google Nest Wifi Pro

Photograph: Simon Hill

Google Nest Wifi Pro (3-Pack) for $400: Mesh systems don’t come much simpler than this. Google’s Nest Wifi Pro is a tri-band (2.4, 5, and 6 GHz) Wi-Fi 6E system that works via Google Home, and each router sports two 1-gigabit ports. The setup is super simple, coverage and performance were solid and consistent, and my testing was refreshingly free from glitches and buffering, though WIRED editor Julian Chokkattu had issues that Google’s customer support could not fix. The Nest Wifi Pro came mid-table in raw speed at short, mid, and long range, and settings in the Home app are very bare-bones. Disappointingly, it is not backward compatible with older Nest routers.

TP-Link Deco X20 (3-Pack) for $130: The Deco X20 is an affordable Wi-Fi 6 mesh that delivers decent coverage and performance, with optional parental controls and antivirus protection, making it ideal for an average family home. This dual-band (2.4 GHz and 5 GHz) mesh was our budget pick for a long time, and there are two gigabit Ethernet ports on each router. Coverage and speeds are decent, falling short of the Asus XT8 but beating systems like the entry-level Eero 6. The app is straightforward, and it’s easy to set up a guest network. Originally released with the free HomeCare software, this has since changed to a HomeShield system, so it’s not as good a bargain as it once was.

Linksys Velop Pro 6E

Courtesy of Linksys

Linksys Velop Pro 6E (2-Pack) for $280: Once up and running, this tri-band (2.4 GHz, 5 GHz, and 6 GHz) Wi-Fi 6E system offers impressive range and decent speeds. It is competitively priced with quite a few dips in cost (don’t pay full price), comes with basic parental controls, and offers handy features like device prioritization and a guest network. But I had a terrible time with the installation. The app continually failed partway through the process, and I had to factory reset the routers. Even then, it took multiple attempts to add the nodes. It’s also not backward compatible with older Velop “Intelligent Mesh” systems, because this is a “Cognitive Mesh” system.

TP-Link XE200 (2-Pack) for $290: This tri-band Wi-Fi 6E mesh system (2.4 GHz, 5 GHz, and 6 GHz) was fast, offered consistently wide coverage, and blew away the Wi-Fi 6 competition at close range. I downloaded a 50-GB game in 20 minutes and didn’t encounter any issues during testing. As it uses the 6 GHz band for backhaul, you have to think about placement and try to keep routers in sight of each other and within 50 feet (or better, connect them via Ethernet cable). While the XE200 is better than the XE70 Pro above, it’s simply too expensive, though it has seen some deep discounts recently, so keep an eye out for deals.

ESG Exposure Research: What AI Changes and What It Doesn’t

An analyst researching a company’s fossil-fuel involvement can now ask a large language model (LLM) for the exact share of revenue tied to thermal coal and get an answer in seconds—complete with a precise percentage, a specific source citation, and a perfectly confident tone.

However, that source could be a regulatory filing that never actually existed.

This is the dual reality of artificial intelligence (AI) in environmental, social, and governance (ESG) data research. On one hand, AI tools act as an efficiency superpower, parsing thousands of pages of sustainability reports, corporate disclosures, and news feeds in the blink of an eye. On the other hand, the high-stakes world of ESG investing demands absolute accuracy, a trait that generative AI—built on probabilistic word-matching rather than factual truth—fundamentally lacks.

As asset managers, rating agencies, and index constructors face tightening greenwashing regulations and stricter disclosure mandates, the role of the ESG analyst is undergoing a massive shift. AI assists them by changing the speed, scale, and cost of processing unstructured data. What AI doesn’t change, however, is the fundamental requirement for data integrity, human skepticism, and the deep contextual understanding needed to separate corporate spin from genuine impact.

Stanford RegLab’s study of legal AI tools found that even specialized tools from LexisNexis and Thomson Reuters hallucinated between 17% and 33% of the time. That matters for ESG because the workflow is similar: a user asks a research question, the model searches a document base, and the answer must be tied to a reliable source.

There is also ESG-specific evidence. The ESGenius benchmark, which tested 50 language models on ESG and sustainability questions, found that state-of-the-art models achieved only moderate zero-shot accuracy, typically around 55% to 70%. The results improved when models were grounded in authoritative sources, which reinforces the same point: AI output in ESG cannot be trusted without source-level grounding.

The same risk appears in financial table work. The FAITH benchmark, built from S&P 500 annual reports, showed that financial LLMs frequently hallucinate on complex financial table tasks. ESG exposure research often depends on the same type of work: extracting segment revenue, calculating percentages, and reconciling figures across notes and subsidiaries.

If the model misreads a table, cites a weak source, or invents a supporting reference, the revenue exposure data becomes unreliable.

2. AI Blurs Important Classification Boundaries

AI often collapses distinctions that matter in ESG exposure screening. For instance, a model may classify a company as “coal involved” if a report mentions coal logistics, a backup power unit, a discontinued coal asset, or a risk note on coal regulation. But these are not the same as direct coal production. Ultimately, a human would have to fix such boundary mistakes (e.g., confirming that a logistics company that merely transports coal via its rail network does not qualify as a thermal coal producer under the exclusion policy).

The same problem can appear in other categories. A retailer selling lottery tickets is not the same as a casino operator. A company supplying packaging to a tobacco firm is not the same as a tobacco manufacturer. A business with a palm oil sourcing policy is not automatically a palm oil producer.

3. AI Fails to Adapt to Client-Specific Exclusion Methodologies

Exclusion policies are not universal; a company that passes a screen for one asset manager might fail it for another. AI struggles here because it treats corporate data as a static set of facts rather than a dynamic input that must be filtered through different client-specific lenses.

For example, an asset manager running a strict faith-based mandate might require a zero-tolerance exclusion of any revenue derived from gambling logistics, while an institutional pension fund might only exclude direct casino operators that generate more than 5% of their revenue from gaming. Similarly, one client may view a company’s palm oil sourcing policy as a positive ESG mitigant, while another client’s strict “zero-deforestation” mandate demands an automatic exclusion if palm oil is present anywhere in the supply chain.

Because AI models are typically trained on generalized compliance definitions, they routinely fail to pivot their logic based on who the data is being collected for. Without highly customized prompting or manual intervention, AI will apply a uniform blanket standard—either over-excluding viable companies or letting flagrant violations slip through because it doesn’t understand the specific client’s shifting threshold for “involvement.”

4. AI Inherits the Bias of Corporate Disclosure

AI can only work with the evidence available to it. If a company discloses little, uses vague language, or buries information in subsidiaries, the model may produce a cleaner answer than the evidence allows.

This is already a known issue in ESG. MIT Sloan’s Aggregate Confusion Project found that ESG ratings from prominent agencies had an average correlation of 0.54, compared with 0.92 for credit ratings from Moody’s and S&P. That gap shows how differently ESG evidence can be interpreted even before AI is introduced.

AI does not remove that uncertainty. If implemented poorly, it can hide uncertainty by turning fragmented ESG risk exposure data into a single confident output.

ESG Exposure Metrics Research Needs More than Just AI in 2026

Incorrect ESG exposure data does not stay inside a spreadsheet. It can affect index inclusion, fund screening, rating decisions, and client reporting. The cost of weak ESG exposure research is rising for two reasons.

● First, ESG rating activity is becoming more regulated. The EU (European Union) ESG Ratings Regulation applies from 2 July 2026, with ESMA (European Securities and Markets Authority) becoming the direct supervisor of ESG rating providers operating in the EU. This increases pressure on providers to show how ratings, methodologies, and data sources are built.

● Second, sustainability reporting rules are changing. The EU’s CSRD (Corporate Sustainability Reporting Directive) simplification raises the reporting threshold to companies with more than 1,000 employees and more than €450 million in net annual turnover. That means fewer companies will be covered by standardized sustainability reporting than under the earlier scope.

For ESG exposure teams, this creates a difficult combination. More scrutiny is being placed on ESG data, while parts of the research may depend more on fragmented, non-standardized sources. Ethical AI can simplify ESG data research by helping teams process disclosures faster, organize evidence, and identify missing data points. But in ESG exposure research, that value holds only when AI outputs are traceable, reviewed by analysts, and supported by source-level documentation.

The Operating Model that Works: AI for Discovery, Humans for Attribution

AI should not be removed from ESG exposure research. It should be placed in the right part of the workflow. A reliable ESG Exposure Research model works like this:

1. AI scans filings, websites, reports, and news sources to identify evidence of possible exposure.

2. Each AI-generated lead is checked against the original source and verified before use.

3. Analysts confirm whether the activity is direct, indirect, current, discontinued, subsidiary-level, or group-level.

4. Revenue exposure is calculated from verified financial data, with assumptions clearly documented.

5. Each final ESG data point includes source details, date, confidence level, and review status.

6. Unverified AI leads are logged, so teams can track tool performance over time.

This model incorporates human-in-the-loop verification in ESG exposure research: AI handles the scale problem and provides speed, and people handle the attribution problem. 

The Bottom Line

The strongest ESG research workflows will not be the ones that use AI to replace analysts. They will use it to reduce search time while keeping humans responsible for verification, attribution, and auditability. As scrutiny of both ESG data and AI tightens through 2026 and beyond, this boundary will decide which datasets can withstand review and which ones cannot. 

Midjourney once built its reputation on turning short text descriptions into elaborate digital images. The company has now announced a sharp turn toward hardware that produces something far more personal: three-dimensional maps of what lies beneath a person’s skin. The new effort, called Midjourney Medical, centers on an ultrasound scanner designed to gather rich body-composition data in roughly a minute while the user stands in a shallow pool of gently lit water.

Founder David Holz detailed the concept in a lengthy blog post. The system lowers a person onto a platform, which gently descends via a ring of sensors floating in water. As the body moves, hundreds of thousands of small elements emit ultrasonic waves in all directions and capture the echoes that return. Different parts of the body, such as skin, fat, muscle, bone, and organs, have detectable effects on those waves. The massive amount of data that comes in, terabytes per second, is then fed into a cluster of computers, which reconstructs it all into clear 3D images and body maps.

Sale

ScanSnap iX2500 Wireless or USB High-Speed Cloud Enabled Document, Photo & Receipt Scanner with Large…

• OUR MOST ADVANCED SCANSNAP. Large touchscreen, fast 45ppm double-sided scanning, 100-sheet document feeder, Wi-Fi and USB connectivity, automatic…
• CUSTOMIZABLE. SHARABLE. Select personalized profiles from the touchscreen. Send to PC, Mac, mobile devices, and clouds. QUICK MENU lets you quickly…
• STABLE WIRELESS OR USB CONNECTION. Built-in Wi-Fi 6 for the fastest and most secure scanning. Connect to smart devices or cloud services without a…

Some early prototypes have already collected scans from a dozen or more individuals. The technology makes use of miniature ultrasound modules from Butterfly Network, with dozens of them in each scanner. The AI then assists in determining how to convert those raw sound waves into usable images, as well as distinguishing between one part of the body and another. Currently, the output focuses on precise maps of body composition rather than actual medical diagnosis.

The physical experience is far more relaxing than an MRI. There are no large magnets or small tunnels in sight, only a shallow pool of pleasant light. A platform descends, your body passes through the sensor ring, and it’s over in a minute. Midjourney describes the entire experience as moving at a leisurely speed, similar to taking a warm bath. The laid-back atmosphere was all part of the idea. They plan to open a Midjourney Spa in San Francisco by the end of 2027, combining traditional wellness elements such as hot tubs and saunas with pools for the scanners. The idea is that you go there to relax, and as a bonus, you’ll leave with all of this health data that you can review, track, or share with your doctor.

According to Holz, the primary goal is to make the technology fast and simple to use, as well as to provide consumers with a wealth of relevant health information promptly and affordably. The scanner is designed to run roughly a hundred times faster than an MRI and produce images that match or even outperform MRI quality for body composition analysis. Plus, it’s non-ionizing and the entire thing is open water, so there’s no need to worry about the normal sources of discomfort.

They are still in early stages of development. The next year will be spent adjusting the hardware and software, conducting additional research, and developing a second-generation scanner. They want to open the first spa by the end of 2027 before expanding to additional locations in 2028. Longer term, they hope to have 50,000 scanners in place by 2031, with a monthly scan rate of a billion.