Copyright independent
The survey was taken among 165 senior CEOs, CFOs, CTOs and CIOs in large Irish health and life sciences firms, government and corporate organisations. It also found that burnout has become a significant risk for organisations, with one quarter (26pc) reporting “negative mental health impacts”, and almost one in five (19pc) stating that these are “affecting their personal lives”. More than a third (37pc) of cyber leaders said they were concerned that “key threats” around these mental health issues are being overlooked. Almost half (48pc) of cyber leaders say they rank AI and data security as key priorities for the year ahead, while 68pc say protecting against third party and supply chain threats is a serious concern. A large majority (83pc) of Irish organisations say they have increased their cybersecurity activities in 2025, although only a third say they have actually allocated more money to the activity, according to the EY Index. More than 70pc said that they have experienced “difficulties” getting more budget for staff cyber-awareness training, with 43pc saying the same barriers exist for getting more money to hire and retain skilled personnel. Similarly, 44pc say they face “challenges securing budget for AI-related security initiatives, suggesting that investment is not keeping pace with strategic intent”, the EY Index says. The research claims that this difficulty “may reflect internal competition for AI budgets”, rather than reluctance to invest in cybersecurity. It also suggests that embedding cybersecurity into corporate AI activities “positions the function as a driver of growth and advantage”. Over two thirds (68pc) of respondents said that protecting against supply chain and vendor-related threats is a top priority within their cybersecurity programmes, while only 4pc said that third-party vendor risks was one of their main concerns. Meanwhile, compliance with relevant regulations and data privacy laws such as NIS2 was cited as a priority by 39pc of respondents, the survey said, while the EU AI Act is also having an impact with nearly half (47pc) of the executives surveyed saying they have updated their data handling and monitoring practices to match. “In an AI-driven world where algorithms and code are reshaping both attacks and defences, cyber risk is no longer something to eliminate, it must be managed with precision,” said Puneet Kukreja, technology consulting partner and head of cyber at EY Ireland. “This shift demands that cyber leaders evolve from engineers and managers to architects of trust, with a seat and a voice at the top table where strategic decisions are made and budgets are shaped. Cyber threats are escalating, with major breaches reported almost every week, and it’s clear that defences are only as strong as their weakest point. Yet investment is not always going where it matters most, with gaps in staff training and talent retention remaining areas of concern.” Carol Murphy, consulting partner and head of markets at EY Ireland, said: “Irish organisations are strengthening their cyber resilience, with most reporting enhanced defences and stable or increased budgets. The challenge now is to direct that investment towards people and partnerships, ensuring teams are trained, supported and equipped to manage the growing demands of compliance and third-party risk. Organisations must prioritise the continuous training and wellbeing of their cyber teams, recognising that resilience depends as much on people as it does on technology.”
