Oireachtas Joint and Select Committees

Tuesday, 25 May 2021

Joint Oireachtas Committee on Transport, Tourism and Sport

National Cybersecurity: Discussion

Mr. Padraic O'Reilly:

GDPR has not quite taken the same foothold in the States as it has in the EU. Jurisdictionally it is not something a lot of American companies would concern themselves with and certainly not as regards localised health concerns. We have a very distributed healthcare delivery system so it is quite different from Ireland's institution at the moment. Some states have been frustrated by federal inaction on privacy regulations and have put their own standards into place, such as the California Consumer Privacy Act, CCPA, and other states have followed suit. As a means of enforcement, fine delivering bodies have taken a bit of a hold here in the States but I do not know that I have seen the impact across the healthcare delivery system in the States as of yet. We have a very distributed, privatised system.

The Colonial Pipeline attack is a unique case study in how having public infrastructure in private hands goes quarter to quarter in terms of investment. A longer term capex is required with respect to mandating standards and the like and tying the performance around measuring risks and standards to actual numbers and analytics in order that organisations can make decisions about how they go about remediating. If there is no way to measure it and if companies are just doing one-off risk assessments yearly, the data will be a year old when they revisit the issue and do the analytics, and in some respects they will be useless.

Our private sector has done brilliant things in cyber. Like Israel, for example, we have many tech start-ups that do incredible things such as endpoint detection. I have a partner company and some of our investment group has invested in Virsec, which does ring-0 malware detection and looks at memory protocols, effectively killing around 100% of attacks. There are brilliant solutions in the private space but there has just not been enough co-operation to date between the public and private sectors. That company was founded around the cybersecurity framework, which was a consortium of 3,000 industry experts in co-operation with NIST. It is initiatives like that that drive more and more co-operation between the private and public sectors. The public sector is great at certain things and the private sector is great at certain other things. That co-operation is needed to get the synergies and efficiencies going forward.
