US +1 302 608 6303 | UK +44 204 566 6000 | IRL +353 21 212 8332

Key Insights from NCSC Annual Conference Dublin 2025

by | Dec 3, 2025 | Uncategorized

NCSC Conference 2025

Ireland’s cybersecurity landscape is evolving rapidly, driven by new regulations, technological innovation, and a growing emphasis on education and resilience. At a recent national event, industry leaders, government officials, and cybersecurity experts gathered to discuss the challenges and opportunities facing the sector. Here are the key takeaways.

1. Setting the Strategic Direction for Cybersecurity

The Department of Justice, Home Affairs and Migration, represented by Oona’s McPhillips, opened the event by emphasising the dual nature of digital networks: while they create economic opportunity, they also introduce new risks. The department is now setting public policy and strategic direction for cyber, with the National Cyber Security Centre (NCSC) moving under its remit. A top priority for the coming year is the National Cybersecurity Bill, which will transpose NIS2 into law across 18 sectors and place the NCSC on a statutory footing, aligning Ireland with the EU’s security framework.

2. Navigating a Challenging Geopolitical Environment

Richard Browne, Director of the NCSC, highlighted the erosion of previous barriers in the geopolitical landscape, with three major implications for cybersecurity: targeting infrastructure, targeting services, and the impact of emerging technologies like quantum computing and AI. The widening digital divide and supply chain dependencies pose real challenges, especially as third countries can exert control over vendors. Despite these risks, Ireland has made significant progress at both national and EU levels, with improved incident response and a mature, globally recognised CISERT team.

3. Building Resilience Through Innovation and Partnerships

The NCSC’s operational team has grown, and its emergency plans are widely exercised and constantly reviewed. The centre has built a world-class system of cyber cores, central to its operations, and is increasing engagement with the research community. However, SME preparedness remains low, and challenges persist in the vendor space. The Cyber Core website now offers advice, guidance, courses, and a cyber risk assessment tool for SMEs, supporting information sharing and risk management.

4. Compliance, Regulation, and the Role of NIS2

Compliance is a central theme, with the NCSC taking a proactive, outcome-driven approach. The new regulatory framework emphasises honesty, improvement, and transparency, aiming to make compliance easy and drive sustainable change. Article 20 of NIS2 places responsibility at the board level, requiring approval, supervision, and enforcement of security risk measures in each business. CyFun, a structured pathway for NIS2 compliance, is being introduced, alongside tools like Tobar (a secure portal) and Cyber Pulse Check.

5. Education and Skills for the Future

Training, research, and skills development are increasing, with the NCSC engaging the research community and supporting capacity building. The creation of a Cybersecurity Centre of Excellence and the introduction of CyFun will help drive consistency and resilience across sectors. Investing in people and partnerships is seen as key to managing evolving risks and ensuring Ireland remains competitive in the digital age.

6. Panel Insights: Trust, Transparency, and Resilience

Panel discussions featured leaders from local government, the Isle of Man, and the Health Service Executive (HSE), sharing experiences on knowledge sharing, trust, and compliance. The HSE, with over 2,000 vendors, sees CyFun as a catalyst for consistency and resilience. The consensus: progress matters more than perfection, and regulation should enable companies, not hinder them.

Spotlight on National Cyber Risk: Key Findings from the 2025 Assessment

One of the most significant moments at the event was the release of the 2025 National Cyber Risk Assessment. This comprehensive report marks a major step forward in Ireland’s approach to understanding and managing cyber threats at a national level.

What Does the Assessment Cover?

The report identifies Ireland’s national critical functions, catalogues key entities, and assigns critical ratings to each. It provides a detailed analysis of systemic national infrastructure cyber risks, considering three core areas:

  1. Dynamic Geopolitical Environment: The assessment highlights how an extended period of globalisation has driven sustained development and economic growth. However, the international environment is now increasingly contested, dynamic, and volatile. Previous implicit barriers to state-led actions are eroding, giving way to more offensive cyber activities from state actors.
  2. Evolving Technology and Security Implications: The rapid adoption of AI is amplifying the effectiveness of existing threat vectors. This technological acceleration is widening the divide between organisations that can keep up and those that cannot, creating new vulnerabilities and challenges for cybersecurity teams.
  3. Supply Chain Security: The interconnectedness of digital systems, the complexity of global supply chains, and the growth of open-source software supply chains have compounded supply chain security risks. This has emerged as a significant challenge for both public and private sector organisations.

Key Recommendations

The NCSC Risk Assessment Report offers five strategic recommendations to strengthen Ireland’s cyber resilience:

  1. Strengthen Visibility and Detection: Enhance the ability to identify and monitor threats across critical infrastructure.
  2. Implement Proactive Cyber Defence Capabilities: Move beyond reactive measures to anticipate and counter emerging threats.
  3. Enhance National Resilience: Build robust systems and processes to withstand and recover from cyber incidents.
  4. Secure Critical Supply Chains: Address vulnerabilities in the supply chain, including third-party vendors and open-source software.
  5. Invest in National Cyber Capacity: Develop skills, resources, and partnerships to support ongoing cyber defence efforts.

These recommendations reflect the urgent need for a coordinated, forward-looking approach to cybersecurity, recognising that the risks will not diminish but that our ability to manage and respond to them must continually evolve.

The SME Cyber Resilience State of the Sector 2025: A Critical Gap

The second major report unveiled at the event was the SME Cyber Resilience State of the Sector 2025. Its executive summary delivers a stark message: Ireland’s SMEs face a critical cyber resilience gap. SMEs account for 99.8% of all businesses and employ over 2.29 million people, representing 67.9% of total employment in Ireland. Yet, resilience levels are alarmingly low, with 78% of SMEs falling into the low or very low category.

Sector Performance and Key Weaknesses

The ICT sector, while the highest scoring, only achieves 5.7 out of 10—a modest result. Regulated sectors such as health fare even worse, with scores as low as 3.3 out of 10.

The report identifies ten key areas where Irish SMEs consistently underperform:

  1. Data backups
  2. Multi-factor authentication (MFA)
  3. Cyber incident response planning
  4. Cyber training
  5. Continuity planning
  6. Password policy
  7. Cybersecurity policy
  8. Network security
  9. Software updates
  10. Secure communications

These weaknesses are consistent across the SME landscape, highlighting the urgent need for improvement.

Aligning with Cyber Fundamentals

The report emphasises the importance of aligning with cyber fundamentals and the six domains of: Govern, Identify, Protect, Detect, Respond, and Recover. The recommended way forward is for organisations to gain access to CyFun, a three-tier model for risk-based cybersecurity analysis. Many SMEs may not know how or where to start, which is where dedicated cybersecurity organisations like NexGen Cyber can provide guidance and help businesses adopt a model that fits their needs. Read more here.

Conclusion

Ireland’s cybersecurity journey is marked by collaboration, innovation, and a commitment to resilience. As new regulations come into force and the threat landscape evolves, the focus must remain on building skills, fostering partnerships, and enabling organisations to thrive securely in the digital domain.

Speak to our team at NexGen Cyber and see how we can help you prepare: Get in touch – NexGen Cyber