Europe’s cyber security landscape is undergoing profound transformation. With the Digital Operational Resilience Act (DORA) already in effect and the Cyber Resilience Act (CRA) set to be implemented in 2027, UK businesses must move quickly to strengthen their cyber defences and stay ahead of rising threats.
Amid the evolving change, neighbouring Ireland stands out – with an established cyber security infrastructure, access to top-tier talent, and central position within the EU, Ireland is becoming the go-to destination for UK businesses aiming to secure their operations and navigate an increasingly complex landscape.
Scale of change: NIS2 and beyond
The transposition of the Network and Information Systems Directive (NIS2) into Irish law in October 2024 marked the beginning of a broader shift in the EU’s cyber security strategy. With NIS2, the number of regulated entities in Ireland surged from just 70 under NIS1 to 4,000 – and this is only the beginning. Across the EU, NIS2 will impact an estimated 180,000 entities, extending its reach throughout entire supply chains and spanning 18 sectors.
Looking ahead, DORA and the CRA will be key drivers of the next phase of regulatory change. While DORA imposes stricter operational resilience standards for financial institutions, the CRA will have broader implications across the technology industry.
Imposing a regulatory framework akin to the European Conformity (CE) mark for physical products, all digital products sold in the EU must now be secure against cyber attacks and have built-in lifecycle support. From software developers to tech hardware companies, businesses will need to gain cyber security certification before their products can enter the market. This will likely fuel greater demand for cyber security services, creating significant economic opportunities. For businesses ready to capitalise on this, the rewards are substantial – with an expected market growth of approximately €10bn (£8.3bn) per annum in cyber security, as digital resilience becomes a key priority across Europe.
Urgency to act: Rising cyber security threats
Cyber attacks are no longer a question of if, but when. In 2024, half of UK businesses experienced some form of attack, and for medium and large-sized companies, the stakes are even higher due to their handling of sensitive data. The rise of generative AI has made these threats even more sophisticated, enabling cyber criminals to execute advanced, difficult-to-detect attacks.
The impact of a breach extends well beyond immediate financial losses. A compromised reputation, loss of customer trust, and investor concerns can leave lasting damage that is far harder to recover from than the technical fallout. In an era where trust is a premium asset, businesses must safeguard not just their data, but their credibility.
With cyber security regulations tightening in an increasingly hostile digital world, companies will require technical expertise to navigate compliance and maintain resilience.
Access to a skilled workforce
While cyber security relies on technology, its success hinges on having the right talent. Alarmingly, 49% of public sector organisations have reported a shortage of skilled professionals to meet their cyber security goals – an increase of 33% from 2024.
In contrast, Ireland is home to a flourishing pool of cyber security talent, supported by institutions such as the Munster Technological University (MTU), which plays a key role in nurturing the next generation of professionals. The collaboration between industry, academia, and government policies has proven highly effective, with tailored programmes such as CyberSkills designed to address specific skills gaps. For instance, Mastercard leveraged this initiative to upskill its team in secure coding and security assurance testing, highlighting the programme’s success and agility in responding to industry needs.
In the process of developing a sustainable talent pipeline, Ireland has plans to employ a total 17,000 cyber security professionals by 2030, a significant increase from 6,700 in 2022. This projected growth will contribute an estimated €2.5 billion annually to the economy, driven by multinational companies alongside a dynamic network of over sixty innovative cyber security startups in their diverse ecosystem.
Strategic opportunities for UK businesses
While EU regulation may initially seem like a barrier, it can also present compelling advantages – particularly in attracting US-based companies looking to collaborate with European partners. Thanks to the EU’s leadership in regulation, businesses can be assured that they are meeting the highest standards in areas such as cyber security and AI. Combined with Ireland’s political stability, robust infrastructure, and strong government support, it provides an ideal base for expanding operations in Europe.
UK businesses have a pivotal opportunity to strengthen their cyber security and ensure their future growth. As regulations tighten and cyber threats grow more complex, Ireland stands out as an obvious partner. With its robust infrastructure, skilled workforce, and membership of the EU, UK companies can enhance their cyber security defences and gain a competitive edge in the global race. Now is the time to act – those who invest in Ireland’s wealth of resources and expertise will not only safeguard their interests but also set the standard for responsible cyber practices in the digital age.
Anne-Marie Tierney-Le Roux is senior vice president of enterprise technology at IDA Ireland.