Cyber Ireland representation at Joint Oireachtas Committee on 17th October to discuss pre-legislative scrutiny of the National Cyber Security Bill 2024.
Cyber Ireland Opening Statement by Chairperson Brian Honan.
The Joint Committee on Transport and Communications met on the 17th October to discuss pre-legislative scrutiny of the National Cyber Security Bill 2024.
Cyber Ireland was invited to attend and made the following opening statement.
Watch the committee session & Cyber Ireland Chairperson’s opening statement at 22 minutes – Here
EU Regulations & Market Opportunities:
The European Union is taking an increasingly central role in cyber security with new regulations including the NIS2, DORA, Cyber Resilience Act, among others.
Across the EU, it is estimated over 180,000 companies will become regulated entities under NIS2. In Ireland alone, it will expand from approximately 70 under NIS1 to over 4,000 regulated entities under NIS2 according to initial estimates.
Furthermore, it will impact their third-party suppliers, potentially impacting millions of companies — not just large enterprises but small and medium-sized enterprises (SMEs), which are the backbone of Europe’s digital economy.
The cost of these regulations to business will be significant, with research predicting the estimated cost of NIS2 at €32 billion per annum across the EU.
The regulations aim to improve the EU’s cyber resilience, safeguarding our communications and data, and keeping the online society and economy secure. It will require increased investment, resources and prioritisation of cyber security across sectors and regulated entities. This will require innovative cyber security solutions and even more people with cyber security skills. Therefore, we believe that cyber security companies have a critical role to play in proactively supporting the adoption and implementation of these regulations, supporting skills development and providing the solutions required.
Cyber security companies in Ireland can support regulated companies across Ireland as well as the opportunity to assist companies across EU countries also.
It should also be noted these regulations will bring increased competition from cyber security providers in Europe targeting the Irish market, which we have already seen where EU companies have won tenders to provide cyber security solutions and services to the Irish government.
A significant challenge we’ve identified is the European Union’s focus on ‘technological sovereignty’, resulting in restrictions on EU public funding, R&D and tenders being provided to non-EU entities, such as those from the UK or USA.
This poses a challenge for Ireland where our sector relies on foreign companies who make up 50% of firms in the cyber security sector here, the majority of which are US-headquartered, and employ over 70% of professionals. In addition, indigenous Irish cyber security firms looking to grow and expand internationally often require funding, which mostly comes from US or UK based investors.
We must prepare companies in Ireland to proactively adapt to these regulations to be able to secure their organisations and customers.
Our people are highly skilled and our cyber security companies provide effective and high-quality solutions.
As a nimble and adaptable country with a great legacy of tech success, Ireland can take the lead in responding to the impact of EU regulation through adequate strategy, preparation, investment and execution. We can make Ireland a global leader in cyber security, exporting secure solutions and protecting organisations across the EU.
Challenges & Ask
A mature and diverse cyber security industry will play a significant role in supporting Ireland’s National Cyber Resilience and adopting to these new regulations. What we require is:
Government prioritisation of cyber security – The government needs to further prioritise cyber security as a key technology and sector to Ireland’s economy and society, similar to other European leaders such as the UK, Netherlands, Finland, and Estonia.
A whole of government approach is required with significant investment to ensure Ireland addresses significant cyber security risks and delivers on the National Cyber Security Strategy vision of “an Irish society that can continue to safely enjoy the benefits of the digital revolution and can play a full part in shaping the future of the internet”.
Skills – We need to train up 10,000 new professionals with cyber security skills to create a sustainable pipeline of talent for the private and public sector. Funding for a national cyber education and career programme for young people (11-18 year olds) is urgently required and a broader cyber awareness and literacy programme for all citizens.
Supporting SMEs: Ireland’s SMEs are the backbone of our economy and can be the forefront of national cyber resilience. However, they are time-poor, under resourced and lack the skills to ensure their organisations are secure online. While NIS2 primarily focuses on large enterprise and SMEs in critical sectors, we must also support SMEs across all sectors of our economy. Cybersecurity grants to improve Irish SMEs cyber security standards can make a significant impact and funding is required on a long-term basis. But we also need dedicated supports for micro-enterprises especially in traditional sectors.
Cyber Security Campus – To become a true leader in Europe for cyber security, Ireland needs to invest in a cyber security R&D centre. The centre would provide a centre of gravity for cyber security in the state, coordinating government departments and agencies, supporting enterprise development from start-ups, SMEs to MNCs, providing training and enhancing technological innovation in most likely some form of hub and spoke model. It should also engage with the public, supporting cyber security awareness and education, strengthening a digital society. International examples already exist, in France, the Netherlands, Sweden and across the border in CSIT at Queen’s University Belfast1 – the UK’s Innovation and Knowledge Centre (IKC) for secure information technologies.
Conclusion: Investing in Cyber security is unique amongst industry support as we will not only support the growth of the industry, but it will also deliver national cyber resilience, secure our digital economy, our digital society and our citizens.
With the headquarters of so many international technology companies based in Ireland and as a hub for data centres, we have an economic obligation to invest in cyber security and secure our country for organizations and all our people.