EY Ireland has released its inaugural Cyber Leaders Index, which reveals that while 83% of Irish organisations have strengthened cybersecurity measures in the past six months, leaders face major challenges around funding for staff training, talent retention and managing AI-driven threats. Burnout among cyber leaders also emerges as a hidden risk.
A majority of Irish organisations have enhanced cybersecurity measures in recent months yet under-investment in key areas of training and compliance, ongoing talent shortages and AI-powered cyber threats continue to be areas of concern for Irish cyber leaders. That’s according to EY Ireland’s inaugural Cyber Leaders Index, which surveyed 165 of Ireland’s senior cyber leaders with a particular focus on the corporate, health and life sciences and government sectors.
83% of Irish cyber leaders report enhancing cybersecurity measures over the past six months, with nearly a third (32%) noting an increase in budgets, while two thirds (67%) report investment holding steady. However, more than 70% of cyber leaders report difficulties securing budget for staff cyber awareness training. 43% cited challenges in securing budget for hiring and retaining skilled personnel, which remains a key challenge for cyber leaders.
Nearly half (48%) of cyber leaders identified AI and data security as a top priority for the year ahead, and many organisations are adapting their practices in response to the EU AI Act. Yet 44% say they face challenges securing budget for AI-related security initiatives, suggesting that investment is not keeping pace with strategic intent.
Related: EY’s Richard Thompson on AI's Next Evolutionary Leap
This may reflect internal competition for AI budgets, rather than reluctance to invest in cybersecurity, and embedding cybersecurity into AI efforts positions the function as a driver of growth and advantage. Almost seven in ten (68%) of respondents said that protecting against supply chain and vendor-related threats is a top priority within their cybersecurity programmes, however only 4% identify third-party vendor risk as one of their main concerns.
Compliance with relevant regulations and data privacy laws such as NIS2 was cited as a priority by 39% of respondents, while the EU AI Act is also having an impact with nearly half (47%) of the leaders surveyed stating they have updated their data handling and monitoring practices and four in ten (39%) having updated their data protection impact assessment systems.
Puneet Kukreja, Technology Consulting Partner and Head of Cyber at EY Ireland said:
“In an AI-driven world where algorithms and code are reshaping both attacks and defences, cyber risk is no longer something to eliminate, it must be managed with precision. This shift demands that cyber leaders evolve from engineers and managers to architects of trust, with a seat and a voice at the top table where strategic decisions are made and budgets are shaped. Cyber threats are escalating, with major breaches reported almost every week, and it’s clear that defences are only as strong as their weakest point. Yet investment is not always going where it matters most, with gaps in staff training and talent retention remaining areas of concern.”
Carol Murphy, Consulting Partner and Head of Markets at EY Ireland said: “Irish organisations are strengthening their cyber resilience, with most reporting enhanced defences and stable or increased budgets. The challenge now is to direct that investment towards people and partnerships, ensuring teams are trained, supported and equipped to manage the growing demands of compliance and third-party risk. Organisations must prioritise the continuous training and wellbeing of their cyber teams, recognising that resilience depends as much on people as it does on technology.”
Related: EY Ireland reports 9.3% growth and revenues of €843 million Financial Year 2025
Burnout Risk As Cyber Threats Remain A Top Concern
Burnout and fatigue amongst cyber leaders have been identified as growing resilience risks for Irish organisations, with 37% of those surveyed reporting concern about the gaps in their organisation’s cyber risk coverage. More than one in four (26%) of respondents reported negative impacts on their mental health.
Puneet Kukreja said:
“Our research shows that stress is fast becoming a hidden cyber risk for organisations. Cyber risk is constant, and that unrelenting pressure is taking a toll on the people who defend against it. Burnout doesn’t just affect performance; it threatens retention at a time when skilled talent is already hard to find. Boards and business leaders must start considering the welfare of their cyber teams as a material business risk. That also means helping teams manage pressure by clearly defining the organisation’s cyber risk appetite and recognising that while not every threat can be eliminated, many can be anticipated and prepared for.”
Read the Big Data Special Edition free online →
Stay connected with NI's tech community:
Subscribe to our newsletter – Get the latest tech news, job opportunities, and events delivered to your inbox
Visit Sync NI – Your daily source for Northern Ireland technology news
