News

Pictured at the cyber security seminar, organised by Shannon Chamber and hosted in Ei Electronics’ Centre of Excellence (from left): Ciaran Wrenn, National Cyber Security Centre (NCSC); Helen Downes, CEO, Shannon Chamber; Ethan Pitts, AIG; Brian O’Dwyer and Fernando Sevillano, Willis; and Tina Talty, Ei Electronics; Photograph by Eamon Ward

Cybersecurity has become a strategic business priority, no longer confined to IT departments. It requires company-wide vigilance and demands the attention of business owners, senior executives, risk managers, and compliance leaders alike.

This stark fact was emphasised by a team of subject matter experts who gathered in Ei Electronics’ Centre of Excellence to advise Shannon Chamber’s cohort of members on how to effectively identify, assess, quantify, and mitigate cyber risk in their companies.

The seminar was led by cyber risk specialist Fernando Sevillano, head of cyber and tech consulting Western Europe at Willis, one of Ireland’s leading insurance brokers, risk advisors, pension and actuarial consultancies. His approach delivers evidence-based cyber risk management using both qualitative and quantitative methods to assess exposure, maturity, and financial impact. He has supported several Irish entities by tailoring risk mitigation and regulatory alignment strategies to enhance resilience and reduce costs.

He was joined by Ciaran Wrenn from the National Cyber Security Centre (NCSC) Engagement Unit, who has led public information campaigns on the subject and is the education lead on the government’s cyber core programme.

The NCSC is responsible for advising and informing Government IT and critical national infrastructure providers of current threats and vulnerabilities associated with network information security. Its main roles are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing.

The information delivered by both presenters was informative and in part alarming. It highlighted the increase in attacks by financially motivated cyber criminals, especially ransomware, the high disruption costs associated with an attack, the increasing data protecting obligations on companies and the risk extension to entities beyond the attacked organisation to its partners and suppliers. The importance of having adequate cyber insurance to cover hacking, non-malicious or accidental outages, breaches of confidential information and IT and outsourced service provider risks was also highlighted.

As stated by the presenters, ransomware remains the top threat by frequency and severity, with successful attacks more severe, and involving higher costs, longer downtime and larger extortion demands. They did point to one positive, stating that, despite an increase in the number of threats, successful breaches are decreasing due to companies implementing increased security.

Measuring the risk of a cyber-attack to reduce the cost of any associated fine was also discussed. As stated by Fernando Sevillano, companies should have a clear understanding of the threats, losses, impact and risk management effectiveness in their business.

“Recognise your external exposure, such as information outside your company that could be exploited, define a mitigation roadmap based on your assessment results, and prioritise your mitigation efforts in line with the measured risk,” he urged.

Of note for boards and management bodies of companies is the fact that they are responsible and liable for cyber security.

“Management boards must possess cyber security knowledge and provide staff training, and, they must demonstrate the steps they have taken towards compliance,” said NCSC’s Ciaran Wrenn.

He also advised attendees to view NCSC: National Cyber Security Centre for quick reference guides, step-by-step tools to determine their scope and compliance, and to access comprehensive materials on how to remain compliant.

Current reporting requirements include filing an initial report within twenty-four hours of an incident; a detailed report within seventy-two hours; intermediate reports as required; a progress report within one month and a final report within one month of the incident being resolved. A dedicated portal is being developed to give practical guidelines to companies on how to remain compliant and grants are available to companies for cyber security improvements.

As advised by Mr Wrenn, companies need to ‘understand what information is held and its risk profile and implement controls proportional to the risk and business size’.

Shannon Chamber CEO Helen Downes, commenting on the seminar added: “Attendees were given practical guidance on navigating the latest cybersecurity challenges, and how to implement best practice in cyber risk management to strengthen their organisation’s resilience. They learnt the importance of both qualitative and quantitative cyber risk assessments to enable their companies make informed decisions around mitigation and risk transfer strategies.

“The panels’ expertise and informative presentations will have increased companies’ awareness and motivation to upskill their board members, to create more training opportunities and to seek additional funding for cyber training and risk management.

“A ‘Professional Diploma in Cyber Security’, offered by our Skillnet Business Network, and involving weekly online lectures with an industry expert, is an ideal starting point to gain expertise in this area.

“The course commences on 22 October and concludes on 21 January 2026. Participants will gain a solid foundation in cybersecurity principles, learn how to identify threats, conduct risk assessments, and develop robust response strategies. They will explore key areas such as penetration testing, digital forensics, and open-source intelligence to help protect critical assets and ensure business continuity. I have no doubt that it will be fully subscribed.” added Ms Downes.

Further details on this programme can be found at www.shannonchamberskillnet.com/events/professional-diploma-in-cyber-security/