Many organisations walk a tightrope of vulnerability to cyber threats across all of their day-to-day operations. This is the reality underscored in Cybersecurity Trends in Ireland 2023, a new report by Microsoft Ireland exploring C-suite perspectives on cybersecurity threats and resilience in Ireland. Three notable themes emerge as key insights for executives and leaders: investment in strategic IT governance, embracing artificial intelligence (AI) in cybersecurity and managing legislative compliance in 2024.
Cybersecurity vulnerabilities persist across Irish industries, exacerbated by the absence of joined up, comprehensive defence strategies. While indicators suggest there is a strong focus on people training and embedding of cyber defence skills, true organisational resilience requires continuous evolution and investment in technological solutions, and a culture of strict IT governance processes, led by all senior leaders in the business rather than just the IT function. The report surveyed 200 C-suite leaders exploring their perspectives on cybersecurity threats and resilience in Ireland.
It reveals that 46 per cent of respondents encountered one or more cyber incidents in the past three years, with 30 per cent grappling with data breaches. Strikingly, only 14 per cent reported these incidents to the National Cyber Security Centre (NCSC) or the Data Protection Commission. Despite this, cybersecurity remains a priority, with 74 per cent of respondents maintaining their cybersecurity spend and 57 per cent conducting regular cybersecurity training. That said, while organisations invest in cybersecurity, the study reveals a deficiency in crucial strategic processes. Risk assessments, multilayered strategies and practised IT business continuity plans are notably absent in over half of the surveyed organisations. Alarmingly, 26 per cent of organisations plan to neglect IT security infrastructure investment in the coming year.
“Every day, Irish organisations are susceptible to and vulnerable to attack – as is evidenced by our latest piece of research,” says Kieran McCorry, Microsoft Ireland national technology officer. “What is clear from this study is that cyber defences in Ireland are being compromised by the lack of a comprehensive cyber defence strategy, that is lived and owned by all decision-makers within organisations.”
‘A gas emergency would quickly turn into an electricity emergency. It is low-risk, but high-consequence’
The secret to cooking a delicious, fuss free Christmas turkey? You just need a little help
How LEO Digital for Business is helping to boost small business competitiveness
‘I have to believe that this situation is not forever’: stress mounts in homeless parents and children living in claustrophobic one-room accommodation
Embracing AI in cybersecurity
In the rapidly evolving landscape of cybersecurity, AI is emerging as a focal point for both regulators and industry leaders. Our report reveals that 14 per cent of organisations in Ireland use AI-enabled technologies within their IT security strategy, with the common purposes of AI within their security posture being cyber intelligence and threat exposure, and cyber incident reporting (both at 44 per cent). That said, almost a third (30 per cent) of leaders are unsure if they are in fact using AI technologies for cyber defence, so the reality may in fact look a bit different.
Despite new innovations in cyber defence, security operations teams can still grapple with various challenges. Managing disparate security toolsets from siloed technologies and apps pose a considerable hurdle. The industry is at a pivotal moment, demanding a step-change in approach.
When leveraged as a form of defence, AI can be a powerful tool for enhancing cybersecurity and defending against cyber threats. Its ability to analyse vast data sets in real-time enables quicker detection and response to threats compared to traditional methods. Notably, the report references the successful use of AI technology in Ukraine where it helped the nation defend against Russian cyberattacks.
Regulation and legislation compliance
Amid the promising landscape of AI in cybersecurity, a crucial aspect often overlooked is impending legislation. According to our research, many Irish executives remain unaware of the upcoming NIS2 directive, which will mandate organisations to adopt a more robust cyber defence strategy. Additionally, a majority has expressed uncertainty regarding their organisations’ investments and roadmaps to ensure compliance with NIS2.
The NIS2 directive, effective in October 2024 across the EU, impacts over 180,000 companies from 18 different sectors. This directive plays a pivotal role in enhancing the cybersecurity posture of organisations and building trust with stakeholders. It establishes a baseline of minimum-security measures for digital service providers and operators of essential services, aiming to mitigate the risk of cyberattacks and elevate overall cybersecurity standards in the EU.
While the report indicates that over 70 per cent of leaders are not adequately aware or prepared for NIS2 compliance, it presents an opportunity beyond mere adherence. NIS2 serves as a chance for organisations to build trust with customers and ensure readiness for future cyber threats. Microsoft’s NIS2 guiding principles, designed for business leaders, offers high-level insights essential for shaping an effective NIS2 transformation strategy.
Building cyber resilience
Globally, bad actors are executing more sophisticated attack strategies and using very effective ‘living off the land’ techniques to evade detection. Equally, it is clear from this latest report that Irish executives are increasingly concerned about the changing cyber threat landscape. Organisations must accelerate the move to the cloud, where security innovations will have the most impact. This will ensure AI innovation provides defenders with a durable technological advantage over attackers. Public-private collaboration should be another key focus for organisations so that we are bringing to bear the best technological and regulatory tools to combat cyber aggression, for all sectors and operating environments. Deeper alliances must be forged in the private sector and stronger partnerships made between the private and public sectors.
In Ireland we see impactful collaborations with the NCSC, industry and academia that provide a robust ecosystem that can be built upon and leveraged in the future. What is clear from this study is that executives must begin to explore more strategic methods for cyber defence and resilience through which new technologies, such as AI, can be used to embed intelligent threat prediction and prevention and to bolster incident recovery plans. Additionally, the processes, behaviours and cultural attitudes in relation to cyber security are often just as important as the technological defences deployed to successfully prevent and manage attacks.