Mr. Colm Hyland:

I will reinforce some of the points made in the previous presentations. One of the key things coming through is that we have a problem when it comes skills shortages and, related to that, the notion of skills gaps. That is probably one of the single biggest challenges we have as an economy, which has a knock-on effect for anybody involved in any form of digitalisation. We have a problem that transcends the private and public sectors. The easiest way to summarise that is to say that everybody is at risk. Therefore, we need to ensure that every citizen has some basic knowledge of cybersecurity and a select group of people have the skills appropriate to their organisations to try to defend this difficult situation.

As suggested by Mr. Larkin, the cybersecurity sector is growing rapidly within the country. Numerous reports suggest that we have approximately 7,500 professionals and the potential for 17,000 jobs by about 2030. That is all to be encouraged, but one of the issues we are very interested is the idea that cybersecurity skills need to work across the entire economy, not just exclusively within higher education in particular. We have done a good job, especially Professor O'Sullivan and her colleagues, as regards the number of accredited courses within the country. The issue is that this does not meet the demand. The demand is so large that we need to ensure we have skills-based programmes that actually meet the demands of smaller organisations, in particular, manufacturing organisations.

We know we have a shortage of people. There are significant shortages as regards understaffing. As cybersecurity jobs are well paid, we also have a problem with attrition. Even if you manage to hire some cyber people, one of the difficulties is other people want them as well. There are serious problems with the recruitment process, even when it comes to longevity, in filling a particular job, and the pricing has become slightly outrageous.

When we go into organisations to see what their cyberneeds are, the other bigger issue is that sometimes people do not know they have a problem. One of the most fundamental aspects of this is there is such a level of a skills gap, people do not know a problem is actually knocking on their door or sitting on their systems today. Part of this process we are engaging in is about trying to ensure that more people understand problems are out there, which are happening every day. The issues is not just that managers do not know in their organisations. Sometimes, their IT people do not know either. There is a real difference between IT people and cyber people. One of the significant things we need to bring home here today is to suggest very clearly that IT departments need to be upskilled in cyber, just like everybody else. One of our real interests, and Mr. Kelly will back me up on this later on, is that we have not paid enough attention to SMEs in the country. We still have a very strong manufacturing base, much of which are indigenous companies that we need to support. We have issues in making sure that we identify these skills gaps and that we really pay attention to SMEs and manufacturing companies in particular.

These problems will not go away. A plethora of legislation is coming through from Europe. All the members know about the general data protection regulation, GDPR, but DORA is now knocking on the door in the context of financial companies. The network and information security, NIS 2, directive is coming through as well. There are a whole bunch of other things, including the, DMA, the, DSA, and a consolidation Act, primarily around cybersecurity, which will hit us in 2025. As if things were not bad enough, we now have to be compliant with a rake of EU directives and regulations that will be transposed into Irish legislation. It is difficult for an SME to keep in tune with what is going on, but the fact that we have a serious legislative requirement coming through makes it even more difficult. One of the good things coming out of the Cybersecurity Act is the notion of having cybersecurity skills academies, which we are very interested in. These academies will bring the training and education down to a level for the ordinary guys on the shop floor, including the technicians and engineers, who need this. It is not just about the graduates but the people who actually do the work on the factory floors or within small businesses, whether they are retailers or whatever.

We know there is a solution out there; it just requires a huge amount of work. Very good work has been done in defining what the skills requirements are, particularly through the national initiative for cybersecurity education, NICE, the National Institute for Standards and Technology, NIST, and the European Union Agency for Cybersecurity, ENISA, frameworks, which are very beneficial. We also need to concentrate on things such as leadership. One of the obvious things is that our managers do not know enough about this stuff. We need to start to look at additional, what we call, transversal competencies that will fit into this particular profile. A lot of good work has been done throughout the country but it is not co-ordinated, intensive or impactful enough. We have a lot of work to do in this area. Some good work has been done in schools but it is a little hit or miss. As usual, there has been a series of pilots and initiatives, but nothing comprehensive in getting down to five- and six-year-olds, never mind the 18- and 19-year-olds. A real piece of work is to be done in that regard.

Various organisations have been working away on this stuff but it has not been full of impact at all. Our friends in what used to be called Blanchardstown Institute of Technology, which is now part of the Technological University, TU, Dublin, do a wonderful event, Capture the Flag, for secondary and third level students. Those sorts of things are very helpful in assisting people to understand there is a problem and acquiring some skills in that regard. Again, we have great programmes that fit people. Mr. George Ryan and his team work particularly well on apprenticeships. We have digital and cyberapprenticeship schemes. In fact, the Advanced Manufacturing Training Centre of Excellence, AMTCE, in Dundalk runs one such scheme in collaboration with other things it does in the cyberspace. Cybersecurity apprenticeships are critical and are a key component in filtering the skills levels down.

We have been very lucky in doing some work with the AMTCE in Dundalk. It will be reopening in September. If members have not yet visited it, they should because it is exceptional. We have been working with the guys there on a full curriculum of skills-based accelerated learning for cybersecurity. We take the view that it is great to have multiple degree programmes working for us within the country, but the fastest way to get people up to speed is through accelerated learning processes, and taking advantage of the web and digital learning platforms, of which there are an abundance in this space.

We have an opportunity within the AMTCE, in particular through the good offices of Mr. Adrian Kelly, Mr. Martin O'Brien and Mr. Denis Rowan, who are really supporting this activity at the moment. It is exceptional work and it really will hit the nail right on the head. It has a big interest in SMEs and in operational technology. As the name indicates, it is an advanced manufacturing centre. There is some really good work starting within that, including some work which we could potentially emulate across all of the education and training boards, ETBs. We have to get the young people in fast on this stuff and the ETBs provide this through the secondary and the tertiary education they provide. They are a wonderful vehicle for delivering a lot of this stuff and that is something we need to encourage. There is lots of good work being done in the cybersecurity area generally, but not enough. We need to get faster, smarter and brighter about the whole thing. We need projects like those in Dundalk, which are going to be exceptional in terms of what we can do and are underpinning the whole advanced manufacturing piece. How much is this going to cost us? Over about four years, I estimate about €60 million. It is an investment that is necessary but we have to do it right away.