Sign up to save your podcasts
Or
Share Weathering the cyber storm - the public sector's next test
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Weathering the cyber storm - the public sector's next test
Guest post by Stephen Phillips, Head of Public Sector for Ireland, Integrity360
Cyber security in the public sector is undergoing a revolution. What was once a compliance-led, box-ticking exercise is now becoming a board-level concern that is driven by the real fear of service disruption. Public sector leaders understand that a cyber attack on a public system - such as healthcare, transport, policing, or social services - isn't just an IT issue, but a crisis of trust, continuity, and critical services.
The necessary shift is clear: from focusing on prevention alone to building resilience. That means embedding cyber thinking into everyday operations, testing response plans so that everyone knows their role when the pressure is on, and seeing security as a critical enabler of digital transformation - not a blocker.
Multi-layered cyber challenges
Current cyber security challenges across the public sector in Ireland are multi-layered. First and foremost, there's the sheer pace at which the threat landscape is evolving. Ransomware remains a top concern, but we're also seeing a rise in more sophisticated, targeted attacks that often leverage artificial intelligence (AI) to bypass traditional defences. Supply chain risk is another big challenge as many public sector bodies rely on third-party vendors for critical services, which introduces a level of exposure that's hard to fully control. We've seen a growing awareness of this among organisations, but the tools and processes to manage that risk aren't always where they need to be.
Then there's the issue of resources - budgets are tight and, while there's a strong appetite to improve cyber resilience, it's not always matched by the funding or staffing levels required. Moreover, training and awareness are often underfunded, and that's a problem when human error is still one of the biggest cyber security vulnerabilities.Resilience depends on people, and public sector organisations must ensure that staff across departments understand their own roles in keeping services safe.
When it comes to Ireland's national cyber security strategy, there's no doubt that it has come a long way. The transposition of the NIS2 Directive and the upcoming National Cyber Security Bill are important steps - they'll give the National Cyber Security Centre (NCSC) more teeth and help to drive consistency across sectors. But we're still in a bit of a transitional phase. There's a solid foundation, but execution is key. The strategy needs to be backed by sustained investment; not just in technology, but in people, processes, and cross-sector collaboration. We also need to make sure that smaller public bodies without dedicated cyber teams aren't left behind. The intent is there, but we need to accelerate the pace of implementation.
Demand for cyber talent outpacing supply
One of the biggest challenges is attracting and retaining cyber talent in Ireland's public sector. The demand for cyber talent is outpacing supply, and the public sector is competing with private industry, which can often offer higher salaries and more flexible working conditions.
That said, there are some positives. Ireland has a strong pipeline of STEM graduates, and groups such as Cyber Ireland are helping to build a more connected ecosystem. But we need to do more to make public sector cyber roles attractive - whether that's through better career pathways, training opportunities, or simply making it easier for people to move between departments and roles.
A ransomware payment ban - helpful or harmful?
Meanwhile, as cyber risks continue to evolve and grow more sophisticated, the UK government is mulling a proposed ransomware payment ban for public sector organisations. Whether this is something that could (or should) be introduced in Ireland remains to be seen. On paper, banning ransom payments makes sense as it removes the financial incentive for attackers. But in practice, it's not that simple.
Public sector organisations are responsible f...
View all episodes
By Irish Tech News
2
11 ratings
Guest post by Stephen Phillips, Head of Public Sector for Ireland, Integrity360
Cyber security in the public sector is undergoing a revolution. What was once a compliance-led, box-ticking exercise is now becoming a board-level concern that is driven by the real fear of service disruption. Public sector leaders understand that a cyber attack on a public system - such as healthcare, transport, policing, or social services - isn't just an IT issue, but a crisis of trust, continuity, and critical services.
The necessary shift is clear: from focusing on prevention alone to building resilience. That means embedding cyber thinking into everyday operations, testing response plans so that everyone knows their role when the pressure is on, and seeing security as a critical enabler of digital transformation - not a blocker.
Multi-layered cyber challenges
Current cyber security challenges across the public sector in Ireland are multi-layered. First and foremost, there's the sheer pace at which the threat landscape is evolving. Ransomware remains a top concern, but we're also seeing a rise in more sophisticated, targeted attacks that often leverage artificial intelligence (AI) to bypass traditional defences. Supply chain risk is another big challenge as many public sector bodies rely on third-party vendors for critical services, which introduces a level of exposure that's hard to fully control. We've seen a growing awareness of this among organisations, but the tools and processes to manage that risk aren't always where they need to be.
Then there's the issue of resources - budgets are tight and, while there's a strong appetite to improve cyber resilience, it's not always matched by the funding or staffing levels required. Moreover, training and awareness are often underfunded, and that's a problem when human error is still one of the biggest cyber security vulnerabilities.Resilience depends on people, and public sector organisations must ensure that staff across departments understand their own roles in keeping services safe.
When it comes to Ireland's national cyber security strategy, there's no doubt that it has come a long way. The transposition of the NIS2 Directive and the upcoming National Cyber Security Bill are important steps - they'll give the National Cyber Security Centre (NCSC) more teeth and help to drive consistency across sectors. But we're still in a bit of a transitional phase. There's a solid foundation, but execution is key. The strategy needs to be backed by sustained investment; not just in technology, but in people, processes, and cross-sector collaboration. We also need to make sure that smaller public bodies without dedicated cyber teams aren't left behind. The intent is there, but we need to accelerate the pace of implementation.
Demand for cyber talent outpacing supply
One of the biggest challenges is attracting and retaining cyber talent in Ireland's public sector. The demand for cyber talent is outpacing supply, and the public sector is competing with private industry, which can often offer higher salaries and more flexible working conditions.
That said, there are some positives. Ireland has a strong pipeline of STEM graduates, and groups such as Cyber Ireland are helping to build a more connected ecosystem. But we need to do more to make public sector cyber roles attractive - whether that's through better career pathways, training opportunities, or simply making it easier for people to move between departments and roles.
A ransomware payment ban - helpful or harmful?
Meanwhile, as cyber risks continue to evolve and grow more sophisticated, the UK government is mulling a proposed ransomware payment ban for public sector organisations. Whether this is something that could (or should) be introduced in Ireland remains to be seen. On paper, banning ransom payments makes sense as it removes the financial incentive for attackers. But in practice, it's not that simple.
Public sector organisations are responsible f...