Leading IT professionals outline the growing online threats to Irish businesses and best-practice methods to beat the hackers
David McMunn, Partner & head of data protection, intellectual property, AI and IT, Beauchamps
ACTIVITY: The cyber market continues to surge. The Irish sector generated an estimated €3.2bn in revenue last year, up 13.4 per cent over the previous two years.
Two in three Irish companies plan to raise security budgets again this year, according to PWC’s Digital Trust Insights Survey 2025.
Clients are concentrating spend on controls that demonstrably reduce risk and regulatory exposure.
The imminent transposition of the Network and Information Systems Directive 2 (NIS2) directive through the National Cyber Security Bill and the extra-territorial reach of the Digital Operations Resilience Act (Dora) have accelerated board-level engagement.
Cybersecurity is a critical necessity for organisations worldwide; the prevalence of threats, coupled with the timely introduction of a new regulatory environment, has notably increased activity for us.
INNOVATION: We have expanded our offering to meet 2025’s regulatory and threat horizon. We have a dedicated and compliance suite now which enables us to map legal duties to technical standards, reporting lines and benchmarking suppliers against new Cyber Resilience Act (CRA) product standards.
While a proactive approach to compliance is best practice in cyber-security risk management, we recognise that modern threats increase the need for rapid and tailored incident response.
We believe a personal, pragmatic and holistic approach is essential when it comes to responding to the challenges our clients face.
THREATS: Phishing and email-borne malware remain the principal infection vectors, but Irish businesses are increasingly encountering ‘double-extortion’ ransomware, supply-chain compromises and DDoS campaigns that mimic the 2021 HSE attack.
Third-party breaches are a top concern as attackers target potential weak points. Added to this are the increase of dataleak marketplaces, IoT exploitation and sophisticated information manipulation, all pressuring businesses to adopt a ‘zero-trust’ approach.
We also see heightened regulatory scrutiny of data integrity, manipulated datasets can breach both GDPR accuracy principles and emerging AI governance rules, creating complex and parallel liabilities.
TRENDS: The threat landscape is marked by increasing sophistication and diversity.
AI and machine learning are being weaponised by cybercriminals to automate phishing, create deepfakes and conduct advanced reconnaissance.
Quantum computing, while evolving, poses a threat to current encryption standards.
We know that malicious actors are stockpiling data with a view to using this for future decryption processes.
Improved defensive technologies are mitigating many incidents before they escalate, but the volume and complexity of attacks continue to grow.
OUTLOOK: We expect increased regulation and international alignment, which will drive higher cyber security standards and professionalism among stakeholders.
By the end of this year the National Cyber Security Bill (implementing NIS2), the CRA and Dora will be operational, creating a consolidated compliance baseline and materially higher sanctions for businesses of up to €10m, or 2 per cent of global turnover.
We should anticipate insurers to condition coverage on independent resilience audits and for investors to require cyber-security specific warranties in M&A deals.
Firms that embed cyber risk into enterprise governance now will convert regulatory burden into a durable competitive advantage.
