Back

EMEA Firms Underestimating Routine Cybersecurity Risks Amid AI Concerns

Severity: Low (Score: 39.9)

Sources: Siliconrepublic

Published: 2026-06-10 · Updated: 2026-06-10

Keywords: emea, finds, cyber, research, eset, firms, report

Summary

A new ESET report reveals that 64% of EMEA organizations expect a cyber attack this year, with 44% having faced incidents in the past 12 months. Despite fears of AI-powered malware, which 31% of respondents cite as the top threat, actual risks stem from phishing (27%), unpatched software (23%), and weak passwords (20%). The research involved 4,400 organizations across 13 countries, highlighting a disconnect between perceived and actual threats. While 78% of SMBs acknowledge cybersecurity's importance, many misunderstand key threats and technologies. Training is deemed critical by 87%, yet only 43% utilize effective programs. Budget constraints and integration challenges hinder improvements, despite 83% viewing their cybersecurity budgets as sufficient. Key Points: • 64% of EMEA firms anticipate a cyber attack this year, with 44% reporting incidents. • AI-powered malware is perceived as a major threat, despite no incidents reported involving it. • Only 43% of organizations use effective training programs for cybersecurity awareness.

Detailed Analysis

**Impact** Approximately 4,400 organisations across 13 countries in Europe, the Middle East, and Africa (EMEA), including sectors with 25 to 1,000 endpoints, are affected. 64% anticipate a cyberattack within the year, and 44% have experienced incidents in the past 12 months. The main business consequences include financial losses from phishing scams and operational disruptions due to unpatched software and weak security monitoring. Data at risk primarily involves credentials and sensitive business information targeted by routine scams rather than AI-driven malware. **Technical Details** The primary attack vectors are phishing emails, exploitation of unpatched software vulnerabilities, weak password usage, and insufficient security monitoring. No incidents involving generative AI malware were detected in ESET’s managed detection and response (MDR) service. Specific CVEs or malware families are not detailed in the reports. The kill chain stages most exploited include initial access via phishing and persistence through unpatched vulnerabilities and poor credential hygiene. **Recommended Response** Prioritize employee training with quality programs such as phishing simulations, increasing frequency to at least several times per year. Apply all relevant software patches promptly to reduce vulnerability exposure. Enhance security monitoring capabilities to detect and respond to routine threats effectively. Monitor for phishing indicators and enforce strong password policies. No specific IOCs or CVEs were provided for targeted blocking.

Source articles (2)

  • EMEA firms still being harmed by 'old tricks', finds cyber report — Siliconrepublic · 2026-06-09
    ESET’s research finds that businesses are prepared for ‘high-tech threats’ yet are struggling to manage ‘run of the mill’ scams. According to new research carried out by ESET in the SMB Cyber Readines…
  • EMEA firms underestimating 'routine risks', finds cyber report — Siliconrepublic · 2026-06-10
    64pc of participating EMEA organisations anticipate an attack in the year, with 44pc having already experienced an incident over the past 12 months. According to new research carried out by ESET in th…

Timeline

  • 2026-06-09 — ESET report highlights underestimation of routine risks: The report emphasizes that while firms fear AI threats, phishing and unpatched software pose greater risks.
  • 2026-06-10 — ESET Cyber Readiness Index 2026 released: The report reveals that 64% of EMEA organizations expect an attack, with 44% having experienced incidents in the past year.

Related entities

  • Malware (Attack Type)
  • Phishing (Attack Type)
  • Canada (Country)
  • Czech Republic (Country)
  • Denmark (Country)
  • France (Country)
  • Germany (Country)
  • Ireland (Country)
  • Italy (Country)
  • Japan (Country)
  • Netherlands (Country)
  • Slovakia (Country)
  • Spain (Country)
  • Sweden (Country)
  • siliconrepublic.com (Domain)
  • [email protected] (Email)
  • T1566.001 - Spearphishing Attachment (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed