Author: Michael Conway, Director, Renaissance [19th March 2026]
Something changed in cybersecurity over the last two years, and it is not subtle. The attackers got faster. They got more precise. And the reason is straightforward: they started using AI.
AI-enabled attacks are not some future concern. They are happening now, against Irish businesses of every size. Phishing emails that are indistinguishable from legitimate correspondence. Automated vulnerability scanning that compresses the window between exposure and exploitation from days to hours. Deepfake audio used in business email compromise scams. Social engineering built on personalised intelligence gathered at scale.
The threat surface has shifted. The question is whether Irish organisations have shifted with it.
Technology alone is not the answer
The instinct, when faced with an AI-powered threat, is to reach for an AI-powered tool. And there is a place for that. Behavioural analytics, AI-assisted threat detection, automated response platforms: these are real and they matter. But technology investments without the human knowledge to configure, manage, and respond to them are largely hollow.
Most Irish businesses are not suffering breaches because they bought the wrong firewall. They are suffering breaches because someone clicked a link, because a misconfigured cloud environment sat unnoticed, because an incident response plan existed on paper but nobody had ever practised it. The tooling is rarely the weakest link. The skills are.
This is not a criticism of the people working in security. The workload has become genuinely unsustainable. Security professionals are being asked to defend wider infrastructure, respond to more sophisticated attacks, and manage more complex environments, often with teams that have not grown to match. The burnout and retention statistics in this industry are not incidental. They are structural.
A different kind of skills gap
When we talk about the cybersecurity skills gap, there is a tendency to frame it as a pipeline problem. Not enough people coming into the industry. Not enough courses, not enough graduates. That is part of it.
But the more immediate problem is not about new entrants. It is about the people already in the roles. The analyst who has never encountered an AI-generated phishing campaign at scale. The IT manager whose threat model was built in a different era. The security team that knows the technology but has never run a live incident simulation. AI has compressed the learning curve for attackers. The defenders have not had the same advantage.
Upskilling the existing workforce is not a nice-to-have. It is one of the most direct risk reduction measures an Irish business can take right now. And it applies beyond the security team. When AI-generated attacks are convincing enough to fool experienced professionals, the entire organisation becomes part of the defensive perimeter. Finance, HR, operations: everyone who handles data, credentials, or communications is a potential target.
What good preparation looks like in practice
Effective cyber resilience at an Irish SME or enterprise level is not primarily about acquiring new software. It is about developing four things.
- Awareness at every level. Security awareness training has a poor reputation, largely because most of it is box-ticking. Done well, it changes behaviour. People who understand why attackers target them, and what a convincing AI-generated lure actually looks like, make meaningfully better decisions.
- Hands-on technical skills. Reading about threat intelligence is not the same as working through a live simulation. Certified, practical training in areas like incident response, network security, and cloud security gives teams the muscle memory they need when an actual incident occurs.
- Governance and process maturity. Most organisations have policies. Fewer have policies that are tested, communicated, and embedded in day-to-day operations. Knowing what to do in the first hour of a breach is not obvious without preparation.
- Leadership understanding. Boards and senior leadership teams increasingly need to understand cyber risk at a strategic level. Not the technical detail, but the business impact. The ability to ask the right questions and make informed investment decisions matters enormously at that level.
Building the case internally
One of the recurring conversations I have with IT managers and security leads across Ireland is about internal budget justification. Getting sign-off for training is harder than getting sign-off for technology. Technology feels concrete. A new platform, a new licence: these are visible. Skills development is harder to quantify.
The framing that tends to land is this: the average cost of a data breach in Ireland now runs to hundreds of thousands of euro when you account for remediation, regulatory exposure, reputational damage, and downtime. A training programme that meaningfully reduces the likelihood of a breach, or shortens the response time when one happens, pays for itself many times over. The return on investment is not theoretical.
Organisations like Technology Ireland ICT Skillnet are doing important work here, providing funded and subsidised pathways to cybersecurity training that reduce the cost barrier for Irish businesses and their teams. The supports exist. The question is whether organisations are making use of them.
What AI changes about the training conversation
The rise of AI in the threat landscape does not make existing cybersecurity knowledge obsolete. The fundamentals of network security, identity management, secure coding practice, and incident response remain as relevant as they ever were. What AI changes is the context in which those skills are applied, and the speed at which new techniques emerge.
Training needs to reflect current threat realities. Phishing simulations should include AI-generated content. Incident response exercises should account for the speed and scale of automated attacks. Threat intelligence should cover adversarial AI use cases. The curriculum has to keep pace, and so do the people delivering it.
It also means that learning cannot be a one-time event. The threat landscape in 2026 is materially different from 2023. The landscape in 2028 will be different again. Continuous professional development in cybersecurity is not optional; it is the only realistic response to an environment where attackers are iterating faster than defenders.
Where to start: Building cyber skills in your organisation
For Irish businesses looking to act on this, Technology Ireland ICT Skillnet is one of the most practical starting points available. As a funded network operating under Skillnet Ireland, Technology Ireland ICT Skillnet provides subsidised training specifically designed for people working in technology and cybersecurity roles across Ireland.
The programmes on offer are not generic e-learning modules. They are industry-aligned, instructor-led courses built around the skills that Irish IT professionals actually need: from security operations and ethical hacking to risk management, cloud security, and compliance frameworks. Whether your team is looking to build foundational knowledge or pursue recognised certifications, there are funded pathways available that significantly reduce the cost barrier for employers and individuals alike.
The case for taking advantage of this is straightforward. If the threat environment demands a more skilled workforce, and it does, then funding that development through a subsidised provider is one of the most cost-effective decisions an Irish business can make. The supports are there. Using them is the first step.
Cyber Expo and Conference Ireland 2026
These issues and more will be front and centre at Cyber Expo and Conference Ireland 2026, taking place on 20 May 2026 at Leopardstown Pavilion, Dublin. The event brings together Irish IT professionals, security leaders, vendors, and training providers for a full day of keynotes, technical sessions, and practical conversation about the threats facing Irish organisations today. You can register for the event here, and full details can be found at cyberexpoireland.ie
Tackle cyber threats with confidence
Cybersecurity skills are continually in high demand and cybersecurity specialists are needed now more than ever.
Learn More About Cybersecurity Courses with Technology Ireland ICT Skillnet
