Mr. Pat Larkin:

There is emerging co-operation and collaboration. Cyber Ireland is reaching out internationally. We are focused on Ireland but we are reaching out to managers engaged internationally at a clustering level to look at best practice. By its nature the industry is collaborative. The only success you have is through collaboration and sharing threats and ideas. I am aware, as the Cyber Ireland board member on the NCSC, that it is collaborating with national cybersecurity centres across Europe and the world. We have a cluster around An Garda Síochána. There is emerging policing co-operation across Interpol and globally. The challenge of a defence-only mentality is that you cannot have infinite defence infinitely. You defend either to counterattack or solve the problem. You are starting to see the idea of active cyberdefence. That is offensive cyber, which involves going after threats. Rather than waiting for the attack, defending and trying to remediate and recover, you see that you also need a much more aggressive response at the political, policing, intelligence and national security level. You need to go after the bad actors, and take them out along with their infrastructure. You see that in some of the cryptocurrency payment chains. Some of that is now traceable, and money is being chased across cybercriminals internationally. You can see the emergence of various collaborations and consortia. It is fair to say it is the world against what are called the CRINKs - China, Russia, Iran and North Korea. They are typically the malevolent states with the most relationships to criminal activity. North Korea is responsible for more than 60% of crypto-heists, which is hijacking cryptocurrency and placing it in its national reserves. You can start to see the emergence of strong collaboration and active cyberdefence. The challenge for an organisation in Ireland being attacked is that in a lot of cases the response is still not fast enough. You are dependant on industry and your own resources to combat that. For most of these organisations it is an existential threat. If you have a ransomware attack, whether you pay or not, your ability to recover revenue streams and normal business operations is time critical. Even if you do recover, it does not mean that your business will survive. Even though there are national resources available, quite often the response capability and timelines are not nearly adequate enough. Survival depends on an organisation's own capability, and the ability for organisations in industry to assist and respond. National police and security then need to roll in and do the big picture stuff.