Cyber Security & Business Resilience IE - Q2 2024

Cybersecurity & Business Resilience

“The European Digital Single Market could be a massive

“Simply blocking one type of attack does not guarantee organisational resilience.”

Eoin Byrne, Cluster Manager, Cyber Ireland
David Cahill, Information Security Manager & Committee Member, IISF

Steering securely: the critical role of directors in cybersecurity governance

The role of board directors in overseeing cybersecurity is paramount. By engaging with cybersecurity experts, organisations can ensure governance and respond to emerging digital threats.

With cyber threats increasing in complexity and frequency, directors must proactively engage in strategic oversight and risk management to align cybersecurity measures with organisational goals, mitigate risks and ensure adherence to regulations.

Training for cybersecurity governance

FutureRange works extensively with board directors, providing tailored training that helps them understand and fulfil cybersecurity governance responsibilities.

Daniel Garry, Cyber Security Director, emphasises: “Directors face significant challenges in cybersecurity, particularly in formulating the right questions for their executive teams and advisers. Boards should foster an environment that welcomes specialised external expertise, especially when internal capabilities are limited.”

Key actions to manage cyber threats

Directors must implement several key actions to manage cyber threats effectively:

(1) Understand and swiftly respond to cyber threats by assessing risks and making informed decisions; (2) Establish a comprehensive cyber threat management plan that delineates clear policies and incident response strategies; (3) Foster a proactive cybersecurity culture through awareness and training programmes at all levels; (4) Engage external experts to access specialised knowledge and address emerging risks.

“Protecting an organisation’s reputation by enhancing its resilience against breaches is essential,” notes Garry. Cybersecurity is vital for more than just data protection; it guards operational continuity, maintains reputation, ensures financial stability and bolsters compliance. This investment also builds trust among all stakeholders including shareholders and customers, crucial for organisational success.

Support ensuring cybersecurity resilience

“As stewards of governance, directors are responsible for ensuring the organisation’s resilience against the impacts of cyber incidents. They must be well-versed in cybersecurity to safeguard assets and effectively integrate cyber risk considerations into corporate strategy and risk management frameworks,” Garry points out. A robust cybersecurity strategy involves safely integrating data and operational technology, requiring comprehensive defensive strategies and external partnerships.

Collaborating with cybersecurity experts like FutureRange can strengthen an organisation’s cyber defences and leadership in the digital world. This ensures compliance with regional regulations and supports directors in fulfilling their governance responsibilities. Engaging with specialised partners enhances readiness and response to the evolving cyber threat landscape.

How Ireland can lead the charge in securing the EU digital market

The European Union (EU) aims to create a world-leading Digital Single Market, and its security is a key objective. The EU is now taking an increasingly central role with new regulations for cybersecurity.

Three years on from the HSE cyber-attack, organisations, businesses and citizens are more aware of cybersecurity threats and risks. However, the market for digital products globally is in a similar position now to where the automotive industry was up until the 1960s. Manufacturers built and sold cars first and worried about the safety of the vehicles and dangers to road users afterwards.

The regulations and what they mean for businesses

EU power corridors are prioritising cybersecurity with upcoming legislation starting with the NIS2 Directive in October this year, DORA in January 2025 and further regulations in the coming years such as the Cyber Resilience Act.

They each have their specific area of responsibility, but overall, they will require higher cybersecurity standards for hundreds of thousands of businesses that will now become regulated entities across the EU. Moreover, it will impact their suppliers too, creating a multiplier effect and potentially impacting millions of companies — not just large enterprises but small and medium-sized enterprises (SMEs), which are the backbone of Europe’s, and Ireland’s, digital economy.

Keeping up to date with all these regulations is a challenge, particularly for SMEs. Similar to GDPR, there is a lack of awareness around the impact of these regulations on businesses, with many taking a wait-and-see approach.

Changing mindset: regulation is a business opportunity

Thinking about compliance as a ‘cost centre’ — focusing on what regulations don’t allow — inhibits businesses from uncovering potential new opportunities for business growth and operational improvement.

The European Digital Single Market could be a massive business opportunity for companies in Ireland providing solutions that meet EU cybersecurity regulations. As a nimble and adaptable country with a great legacy of tech success, Ireland can take the lead in responding to the impact of EU regulation through government and business investment.

We can make Ireland a global leader in digital resilience, exporting secure solutions worldwide. To do so, we must raise awareness of regulations and their impact on companies in Ireland.

Businesses should keep up to date on regulations and seek external support from IT and legal specialists. The Government is demonstrating its ambition and leadership in the development of Ireland’s first Cyber Industrial Strategy, which is currently underway. With the right business environment and support, we can realise Ireland’s cyber potential.

Daniel Garry Cyber Security Director, FutureRange
Eoin Byrne Cluster Manager, Cyber Ireland

Expert ransomware guidance and cyber insurance for businesses of any size

According to new data from the latest Hiscox Cyber Readiness Report, almost three-quarters (71%) of Irish businesses suffered at least one cyberattack over the last 12 months — a 22-point increase on the previous year (49%).

Cyber insurance benefits businesses of all sizes

Even though they are small in size, SMEs are part of a larger supply chain and, therefore, still vulnerable. They are easier to hack than big corporations, and they’re usually connected to larger supply chains, providing hackers with a way to the top.

For instance, the files of a small business unexpectedly become encrypted, and a ransom demand from a hacker arrives. An employee of a firm could make a bank transfer of €25,000 to fraudsters after falling victim to a phishing email supposedly from a senior manager. An employee may misconfigure a software update over a weekend, leaving systems unavailable and causing business interruption.

Small businesses vulnerable to ransomware attacks

It has become increasingly common for smaller businesses to be targeted with ransomware, which is a type of malicious software that blocks access to a computer system or encrypts files on it. It’s used to demand money from people, and they can only have their files back once they have paid the ransom.

We have seen a rise in this type of attack as threat actors have moved their focus to smaller businesses seeking smaller ransoms. Most big organisations would be able to repel a ransomware attack, but that’s not the case for smaller ones. They find themselves with encrypted files, unable to run their business. They are then left with no option but to pay the ransom.

Hackers leveraging artificial intelligence

As artificial intelligence (AI) becomes increasingly integrated into our daily lives, it is also increasingly adopted by potential threat actors. AI reduces barriers for novice cybercriminals, hackers-for-hire and hacktivists to conduct access and information-gathering operations. Threat actors, including ransomware groups, are leveraging AI to increase the efficiency and effectiveness of certain cyber operations, such as reconnaissance, phishing and coding. This trend will almost certainly continue to develop.

Phishing, typically aimed at malware delivery or password theft, is key for cybercriminals to gain initial network access for ransomware attacks or other cybercrimes. Utilising AI models to enhance access will likely escalate the global ransomware threat in the near future.

Get proactive and seek expert help

For small businesses, seeking external guidance regularly would be wise to ensure ongoing security. Consideration should be given to contracting a Chief Information Security Officer (CISO). They can assist with tasks like patching, which addresses known vulnerabilities in computer systems often exploited by hackers as a way in.

Crucially, get the culture within your business right. Training your staff to spot an attack is key because relying on technology is often not enough. For example, at a basic level, all staff should be aware of what spam emails and fake web pages look like.

Plus, while anti-virus and firewall programs can detect viruses and system vulnerabilities, you can’t rely on them to protect you against cybercriminals actually tricking you in person, otherwise known as ‘social engineering.’ Hiring a professional to deliver a staff training session will help ensure they are informed and aware.

Why cyber insurance is your ally

Hacking is prevalent globally, serving various purposes, some malicious.

Amid the risks, cyber insurance offers invaluable protection to any business. If you’re a small business owner, cybersecurity should be a priority.

Cyber insurance investment safeguards not only your data but your finances and reputation. When our clients experience a cyber incident, we deploy an expert response team to cover all legal, IT and potential PR issues that can accompany a data breach. When you look at the bigger picture — you can see why cyber insurance is critical in an interconnected world.

In 2023, after a period of relative calm, ransomware attacks spiked, with a significant rise in the prevalence of data theft-only extortion. Remain vigilant and protected with cyber insurance.
Lorraine Rowland Senior Claims Underwriter, Hiscox
Sponsored by Hiscox

How cyber fusion centres are redefining Ireland’s role in global cybersecurity

Cybersecurity is fast evolving. Learn how cyber fusion centres revolutionise threat detection and response for businesses globally, plus the crucial role Ireland plays.

A recent Deloitte survey of financial services companies found that cybersecurity functions are increasingly focusing on business impact and risks, not just technology challenges. This shift reflects cybersecurity’s growing strategic role for businesses. This is also manifesting itself in the establishment of cyber fusion centres (CFCs).

What are cyber fusion centres?

CFCs take a holistic, multidisciplinary approach to safeguarding company security by merging traditionally independent security and risk units under a single entity. This creates the synergy required to detect and respond to sophisticated security threats, 24/7, 365 days a year.

CFCs have been described as the next evolution of the Security Operation Centre that typically focuses on the IT security vertical. The fusion centre originated after 9/11 in the US to facilitate intelligence sharing among federal and state agencies, plus local law enforcement, aiming to prevent similar attacks.

Cross-platform cyberattacks exploit gaps

Modern cyberattacks exploit cross-platform vulnerabilities, targeting gaps between physical and IT security systems, as well as other operational units, to infiltrate organisations. For example, in the months leading up to a cyber-attack, it is not uncommon to log attempted breaches of physical infrastructure.

Similarly, the MOVEit data breach in May 2023 showed the importance of taking a cyber lens to vendor management. This commonly used file transfer protocol has gained the trust of thousands of companies across diverse industries. This attack alone has impacted over 2,700 organisations and exposed the data of about 95.7 million individuals.

CFCs provide the collaborative, intelligence-sharing infrastructure to help global corporations join the ‘cybersecurity dots’ by simultaneously enhancing attack prevention and recovery across every aspect of the business.

Opportunities in cyber FDI

According to Cyber Ireland’s Annual Survey 2023, foreign direct investment (FDI) supports 71% of employment in the Irish cyber sector. IDA client activity, particularly in the international financial services sector, has been growing rapidly in recent years. Irish FDI sites lead in securing the future of payments, digital banking, investment management and insurance.

Ireland may not be known for its sunny climate, but its high-calibre tech, R&D talent base and geographic position make it a top location for optimal cyber coverage within the follow-the-sun model.

IDA Ireland is working with existing and new clients to help drive these strategic cyber fusion investments. This effort aims to make Ireland a global player in data, cloud and AI-enabled cybersecurity resilience across industries.

Impact and implications for businesses navigating EU cybersecurity legislation

Discover how we defend today and secure tomorrow against cyber threats. Learn about the NIS and NIS2 Directive’s impact on EU cybersecurity legislation.

The National Cyber Security Centre (NCSC) leads the national response to cyber risk. We defend today and seek to secure tomorrow.

Defending today involves responding to incidents, thwarting bad actors and building strong sustainable networks with colleagues and stakeholders nationally, regionally and globally. Securing tomorrow requires us to build and sustain better infrastructure with technologies supported by an internet that is secure, open and free for everyone to use.

EU cybersecurity legislation impact

Our most significant regional networks are those we build within and throughout the EU. As with other areas of our daily lives, the EU as a legislative body has issued numerous regulatory interventions relating to cybersecurity. Most notably, they issued the Network and Information System (NIS) Directive in 2016. This had a profound impact on the administration of cybersecurity throughout the EU. Following a large amount of work, the national legislation for the initial NIS Directive was signed in September 2018. At the time of its introduction, the Operators of Essential Services (OES) impacted by the NIS Directive within the State numbered 70.

NIS2 expands scope and mandates cybersecurity

In December 2022, that initial Directive was followed by what is known widely as NIS2. This contains measures for a high level of cybersecurity across the EU. Importantly, from the NCSC’s perspective, we have gone from being able to host all those impacted by the initial Directive in one room, to having thousands of entities come into scope.

Importantly, this includes any business classified as medium or above — that is any business with 50 or more employees or a turnover of €10 million. Even more importantly, all those within scope are expected to self-identify as such. Similarly, they are expected to have robust security measures in place, and responsibility for this rests with the entities’ boards.

Timely, clear NIS2 communication and registration

Within the NCSC, we are committing to:

• Ensure that our communications on the progression of national NIS2 legislation are timely and clear;

• Provide a single portal, which will enable entities to register as being in scope and report significant incidents, as required by the Directive;

• Set clear cybersecurity measures arising from the Directive and assist the federated national competent authorities in enforcing them.

Richard Browne Director, National Cyber Security Centre
Dr Nicola Stokes Chief Technologist International Financial Services, IDA Ireland

Security-focused LLMs to enhance compliance under EU regulator guidelines

As cybersecurity regulations tighten, businesses face the challenge of maintaining continuous compliance.

The software industry is at a pivotal juncture, marked by the convergence of AI and stringent regulatory frameworks to combat the staggering cybercrime costs, estimated to reach €10.5 trillion annually by 2028.

Board members and C-level executives in professional services, financial sectors and security industries must adjust to evolving regulations, notably the software supply chain under the NIS2 (Network and Information Security) directive or DORA (Digital Operational Resilience Act) and the EU CRA (Cyber Resilience Act), which mandates a CE mark for software products trading in the EU.

Security LLM solution for compliance

Generative AI can be pivotal in facilitating compliance efforts in this landscape. Protostars, an innovative AI for cybersecurity startup in this space, utilises sophisticated security-focused large language models (security LLMs) to streamline people and processes. It’s a nuanced approach to secure code analysis to bridge the gap between code testing and compliance controls.

Enhanced secure code analysis

Protostars’ security LLMs contextualise secure code analysis, addressing the limitations of traditional manual methods for evidence-based compliance. These models identify code vulnerabilities by continuously scanning codebases and enhancing audit reporting from key stakeholder perspectives. This proactive, inclusive approach enables organisations to mitigate risks effectively and support financial decision-making.

Bridging code testing with regulatory controls

A significant challenge in compliance lies in aligning code testing with regulatory controls. Security LLMs map code requirements to relevant standards, simplifying the compliance process. This alignment is crucial for obtaining the CE mark under the EU Cyber Resilience Act, reducing complexity and streamlining compliance efforts for development teams.

Simplified path to software CE mark

Navigating the EU Cyber Resilience Act also requires organisations to undergo stringent conformity assessments. Protostars-AI simplifies this process by offering automated compliance checks and comprehensive reports. This ensures a clear understanding of compliance status and areas for improvement, facilitating the journey towards obtaining the CE mark.

Board-level understanding and accountability

Understanding cybersecurity compliance can be challenging for board members and senior executives. AI addresses this by translating technical security audit reports into actionable insights. This fosters better decision-making and ensures accountability at the highest levels.

As organisations adapt to NIS2, DORA and EU Cyber Resilience Act, AI offers invaluable support in navigating compliance changes. By leveraging security LLMs, businesses in various sectors can enhance their cybersecurity posture, streamline compliance processes and mitigate risks effectively. Partnering with AI-driven solutions not only represents a strategic approach to compliance but also ensures organisations remain resilient amid evolving regulatory landscapes.

Why your organisation can’t afford to ignore new EU cybersecurity laws

New EU cybersecurity legislation comes into force soon. Affected organisations must comply with it or face significant fines — so it’s vital to prepare for its implementation.

In a matter of months, a new EU law comes into force, which will have a dramatic impact on Ireland’s digital services sector. This is NIS2 — also known as the Network and Information Security Directive — an extensive piece of legislation seeking to strengthen and harmonise cybersecurity across organisations in all EU member states.

Mandatory NIS2 compliance and potential fines

NIS2 becomes law in October 2024, and compliance will be mandatory for organisations that meet or exceed a specific size and/or turnover threshold. Those that don’t reach the Directive’s cyber risk management and incident reporting standards — among other requirements — could face potentially punitive fines. That’s why Irish businesses should be asking themselves: will this new legislation apply to us? If it does, are we ready for it?

David Curtin, CEO of .ie — the trusted national registry for over 330,000 .ie domain names — is concerned that they might not be prepared. “NIS2 is an update of NIS1, the previous EU cybersecurity directive,” he explains. “While NIS1 only applied to around 100 Irish companies, approximately 3,000 Irish entities will have to comply with the new legislation, according to the NCSC.”

Broader scope and stricter enforcement

Another difference is that only seven sectors were affected by NIS1 (including healthcare, energy and transport); but NIS2 will cover 15 sectors (including manufacturing, digital providers and food production). “Plus, this time around, the supervisory regime will be strictly enforced, and failure to report breaches will be harshly punished,” warns Curtin. The maximum fine for violations is €10,000,000 or 2% of global yearly revenue — whichever is higher.

The new legislation poses challenges from a regulatory enforcement standpoint, he admits. “To be able to do their jobs properly, regulators will need to be fully resourced with the right staff and facilities,” says Curtin. “This will take time, which is fast running out.”

Taking proactive steps to help prepare your business

Affected organisations must be ready for the October cut-off date. For its part, .ie’s multi-stakeholder Policy Advisory Committee has been spreading the word about NIS2 and highlighting basic steps to support cyber-preparations. “Carry out a full audit of your systems landscape and assess your approach to risk management, crisis management and disaster recovery,” says Curtin.

“Top managers have to get involved in this task — don’t delegate it. Also, evaluate your supply chains to ensure your providers are NIS2 compliant, and carry out an incident response ‘dry run,’ but don’t bury your head in the sand. Find out now if NIS2 applies to you.”

David Curtin CEO, .ie
Sponsored by .ie
David Cahill Information Security Manager & Committee Member, IISF (Irish Information Security Forum)

How to build cyber resilience to defend against threat actors

To comply with industry regulations and demonstrate a strong cybersecurity posture, organisations must be vigilant in safeguarding their corporate digital estate. Collaboration is crucial, as sharing threat intelligence across industries helps organisations stay ahead of attackers and minimise downtime.

Cybersecurity focuses on protecting information by preventing, detecting and responding to cyber risks.

In contrast, cyber resilience includes impact tolerance and the ability to maintain and recover key business activities during a cyberattack or other service interruption.

Prepare for and absorb threats for cyber resilience

Cyber resilience acknowledges that every system, no matter how robust, has potential vulnerabilities that can lead to business impact and disruption.

It prepares for the inevitable — ‘when’ not ‘if’ an incident occurs. Instead of only stopping attacks, be ready for them. Such focus allows for business continuity throughout cyber attacks or any other customer service-limiting incident.

Cyber resilience extends beyond the first line of defence. While a secure perimeter is important, resilience is how well you will be able to absorb and keep on running when exposed to or under a threat. Simply blocking one type of attack does not guarantee organisational resilience. Instead, a comprehensive strategy is essential — one that addresses navigating multiple and potentially impactful scenarios.

How to start building risk-focused cyber resilience strategies

Enterprise-grade cybersecurity utilises mature risk-based assessments, where business impact is the focus. This creates an inventory of key assets and identifies where additional and warranted protection and detection capabilities are needed. A balanced approach is key — facilitating the readiness to act both on the prevention and recovery side.

Building resilience requires plans that can adapt according to how events and incidents are handled. If relying on traditional recovery methods, organisations should have strategies that can change as the threat landscape evolves. Regular testing and scenario-based exercises help improve readiness by ingraining the response actions into ‘muscle memory.’

Extending our knowledge-sharing and incorporating threat intelligence

Collaboration and information-sharing are increasingly crucial as mandated by emerging regulations, such as DORA and NIS2, across industries. By leveraging threat intelligence, a cyber resilience strategy ensures that we stay ahead of threat actors, quickly identifying and mitigating potential threats before they can impact our business operations, thereby maintaining continuity and trust with our customers.

Integrating threat intelligence and knowledge-sharing into our resilience framework also allows us to proactively adapt to emerging threats. This integration minimises downtime and ensures that critical business functions remain unaffected even in the face of sophisticated threat actors or cyberattacks.

Cyber services help SMEs with compliance and mitigation measures for cybersecurity

SMEs are often unaware of upcoming cyber legislation and the tools that can help them improve their cyber resilience. A community of experts is working to change that.

Today’s businesses are exposed to increasingly sophisticated attacks from cybercriminals. “However, in my experience, SMEs recognise this danger and know just how vital it is to protect themselves,” says Dr Seamus Dowling. “What they often don’t understand, though, is the first step they should take to improve their cyber resilience.”

That’s where Dowling’s expertise comes in. As a Programme Chair and Lecturer in Cybersecurity at Atlantic and Technological University (ATU), he is also Cybersecurity Resilience Lead at Data2Sustain, a consortium of universities, research centres and dedicated digital resources from industry that form a government-funded European Digital Innovation Hub (EDIH) network. In all, there are four EDIHs in Ireland and 288 across Europe.

Free cyber services for digitalisation

As part of the national and wider European network, Data2Sustain provides free cyber services (subject to state aid) to businesses and public bodies to advance digitalisation and data innovation.

“European Digital Innovation Hubs build skills and human capacity in digital technology, support sectoral Test-before-Invest innovation projects and actively work to bring together an ecosystem of expertise with a regional or sectoral focus,” explains Mike Conroy, Director. “By working in an ongoing consultancy, workshop or project basis, we assess an SME’s needs and help create a roadmap towards cyber resilience.”

Identifying where vulnerabilities exist

Clients can include everyone from manufacturing, data services and cloud services companies to healthcare and application development businesses.

The first step is always the same. “We begin by assessing their current assets in order to identify where vulnerabilities exist,” says Dowling.

“For instance, if SMEs store and control data in the cloud, they might think it’s compliant and secure — but the cloud infrastructure might be located in a region with conflicting data residency legislation. By understanding where breaches could occur, mitigation measures can then be put in place.”

Helping achieve regulatory compliance

Data2Sustain actively engages with SMEs to raise legislation awareness and create the frameworks that can help them achieve compliance. For example, the Network and Information Security Directive (NIS2) comes into force in October and identifies ‘minimum measures’ an SME must implement. These include risk assessment, multifactor authentication, cybersecurity training and security procedures.

“The SMEs that come to us are very cognizant of their responsibilities,” says Dowling. “But they can be surprised by legislation that is fast coming down the tracks. Nevertheless, once we identify what they need to do to achieve compliance, they are very willing to go on that journey.”

Transform your security operations with a modern security dataverse

Learn why traditional security information and event management architectures are burdensome and how a modern security data pipeline can dramatically cut technology costs, allowing you to improve your cyber defences.

In an evolving cyber threat landscape, traditional Security Information and Event Management (SIEM) architectures are becoming inefficient and unsustainable. They consume a significant portion of the security budget, hindering the ability to address other critical gaps in your security program. However, introducing a modern security data pipeline can revolutionise security operations.

The problem: traditional SIEM architecture is dead

The conventional ‘log everything’ strategy is no longer fit for purpose. Logs contain vast amounts of data, requiring ever-increasing cloud storage. Costs associated with retaining this data year over year continue to escalate, consuming a substantial portion of security program budgets. This approach strains financial resources and complicates data management, making it challenging to extract actionable insights.

Modernising the security data pipeline

To address challenges, a modern security data pipeline approach is essential. Not all SIEM logs are created equal. By cleansing and redirecting only critical log data into the SIEM and retaining everything else in a data lake, organisations can significantly reduce costs and improve useability. This approach can cut SIEM costs by as much as 80%, freeing up budget to address gaps that were previously unaffordable. Moreover, this streamlined data management results in more manageable data sets, enabling several valuable use cases, including:

• Vulnerability management: Efficiently identify and mitigate vulnerabilities.

• Threat hunting: Proactively search for threats within the environment.

• Enriched insight and data analysis through AI: Leverage artificial intelligence to gain deeper insights and improve decision-making.

• SOAR (security orchestration, automation and response): Owing to more complete logging and enhanced data insights — quicker detection and faster incident response are possible.

Cyber program with benchmarking and resilience assessments

Once a modern dataverse is in place, it is crucial to assess its effectiveness. A threat-driven cyber resilience assessment, benchmarked against peers, ensures that security controls are functioning as expected. These assessments help meet regulatory requirements such as the Digital Operational Resilience Act (DORA) and the European Union Threat Intelligence-Based Ethical Red Teaming (EU TIBER). It also prioritises future activities to strengthen defences and resilience.

By adopting a modern security data pipeline, organisations can reduce costs, enhance visibility and improve overall security posture. Security Risk Advisors is committed to helping organisations in the UK and Ireland navigate this transition, ensuring they are well-equipped to face the challenges of the modern threat landscape.

WRITTEN BY Tony Greenway

How to protect the 1 in 3 small businesses in Ireland hit by cybercrime

Cybercrime threatens Ireland’s small businesses, with one in three falling victim. There are free toolkits and vital resources available to boost their security.

Cybercrime is the number one threat when it comes to financial crime in Ireland.¹

This is particularly true for small businesses, one in three of which fell victim to cybercrime between May 2021 and April 2022, according to data from Grant Thornton.²

Over 43% of cyber-attacks are targeted at small businesses, which are seen as low-hanging fruit for criminals due to their limited resources and funding. Small businesses are the lifeblood of the economy, and more needs to be done to provide training and resources that limit these digital threats.

Training and cybersecurity toolkit support

Over 85% of small businesses do not have a cybersecurity plan in place, due to lack of funding (47%), skills (50%) and low awareness of potential risks (36%). These statistics are one of the reasons we, at Mastercard, are a proud sponsor of the Global Cyber Alliance’s (GCA) Cybersecurity Toolkit.

The Toolkit provides small businesses in Ireland with a completely free handbook and resources to help improve their resiliency and security when it comes to areas like passwords, phishing, malware and more. It is available, for free, through our Mastercard Trust Centre.

Upskilling and adaptation to threats

Upskilling is vital in helping small businesses and entrepreneurs defend themselves, but we also recognise that cybercrime is becoming more sophisticated. It’s important that the technology being developed to stop these criminals also improves.

That spirit of innovation is at the heart of everything we do at Mastercard, and we believe in supporting big ideas that have the potential to scale — wherever they might start.

Supporting innovation

That’s why we recently launched our Strive EU Innovation Fund, providing over €4.5 million worth of grants to businesses offering innovative B2B solutions specifically designed for European small businesses with fewer than 10 employees.

The Fund will offer grants of up to €500,000 to as many as 20 winners developing digital and data-first solutions. These solutions must promote the growth of small businesses in Europe, with a specific focus on several key areas, including cybersecurity.

Cybercrime may disproportionately affect small businesses, but it’s our collective responsibility to ensure entrepreneurs have access to the expertise, training and resources they need to not only protect themselves but to thrive.

References

1. Cybercrime a major threat to small businesses (compliance.ie)
2. Cyber-security remains a priority for Irish businesses, with almost half likely to increase investment in risk mitigation | Grant Thornton

Ireland’s cybersecurity strategy to enhance economic and employment opportunities

Cybersecurity is essential to the digital economy and society for protection and resilience. The cybersecurity sector can boost economic growth, and evidence shows we continue to benefit from this.

A key goal of the recently reviewed National Cyber Security Strategy is to develop the capacity of the State, educational and research institutions, businesses (including SMEs), the voluntary sector and public sector when it comes to protecting ourselves, our data and our networks online.

Collective effort for cybersecurity industry

The Strategy highlighted that a collective effort is needed not only for resilience but also to realise economic and employment opportunities. In recognition of this, the review called for the development of a ‘whole of government’ strategy for empowering the cyber industry in Ireland.

Realising a diverse, skilled workforce, a mature research community that engages at a global level and a vibrant export-oriented indigenous industry is a shared responsibility, involving the national industry cluster Cyber Ireland. The Strategy is critical; its aims and objectives are reflective of some of the key policy goals within my department, and we plan to act on its recommendations.

Cybersecurity industry driving economic growth

The recently published consultation paper on a draft industrial strategy ‘Harnessing Cyber as an Engine of Economic Growth’ references the number of firms at almost 500, employing over 7,300 professionals with an annual contribution of over €1.1 billion to the economy. The cybersecurity industry is largely comprised of multinational firms from like-minded international partners, with indigenous enterprises being part of their value chains.

Investment in cybersecurity education and innovation

Ongoing financial support for training and education is essential to growing the cybersecurity talent pool. With increasing geopolitical and regulatory challenges, there’s a need, particularly for SMEs, to fully avail of market access to the rest of the EU.

Sustained investment in a dedicated facility for research and innovation helps improve research expertise in cybersecurity with emerging disruptive technologies (e.g. AI, quantum and 6G). Additionally, partnerships with select multinational firms help secure and maintain their longer-term commitments to Ireland.

Ireland, as a digitally advanced economy, relies heavily on cybersecurity expertise. This is evidenced by the large number of multinational firms based here that serve European and global markets. There’s also a growing number of indigenous businesses focused on cybersecurity, ably supported by Enterprise Ireland.

There is an economic opportunity to grow Ireland’s industrial sector by partnering with established local firms, attracting multinational firms and providing higher-value employment. That, in turn, enhances national cyber resilience. Our dual aims work well together, and the Government continues to monitor and support this symbiotic, critical relationship.

Danielle Maloney Country Manager, Ireland, Mastercard
Peter Burke Minister for Enterprise, Trade and Employment
