According to Silicon Republic, EY Ireland’s Cyber Leaders Index surveyed 165 senior cybersecurity professionals between July and August 2024 and found that 83% of Irish organizations enhanced their cybersecurity measures over the past six months. Despite this investment, 72% struggle to fund company-wide cyber training, and 43% have similar budget problems for hiring and retaining skilled personnel. The report also revealed that 48% of leaders see AI and data security as key priorities, but 44% can’t secure budgets for AI security initiatives. Additionally, 37% of respondents worry about gaps in their organization’s cyber risk coverage, and more than one in four (26%) report negative impacts on their mental health from job stress.
Sponsored content — provided for informational and promotional purposes.
The People Problem Nobody’s Solving
Here’s the thing: companies keep throwing money at technology while completely neglecting the human element. We’re seeing 83% boosting defenses, but nearly three-quarters can’t properly train their people? That’s like buying a Ferrari and then hiring someone who only has a bicycle license to drive it. Carol Murphy from EY Ireland basically nailed it when she said resilience depends as much on people as technology. But apparently nobody’s listening.
The AI Budget Gap Is Scary
Almost half of cyber leaders identified AI security as a priority, but 44% can’t get the budget for it. That’s genuinely concerning. We’re in an AI arms race where both attackers and defenders are using these tools, and organizations are already falling behind. Puneet Kukreja’s point about cyber risk needing to be managed rather than eliminated is spot on, but how can you manage what you can’t afford to understand? This feels like watching companies install better locks while leaving the windows wide open.
Burnout Is the Silent Cyber Threat
Now here’s what really worries me: 26% of cyber professionals reporting negative mental health impacts. That’s not just an HR problem – that’s a security vulnerability. Think about it: stressed, burned-out defenders are more likely to make mistakes, miss threats, or just quit. And when skilled talent is already hard to find, losing experienced people because of burnout is catastrophic. Kukreja called stress a “hidden cyber risk,” and he’s absolutely right. But are companies actually doing anything about it? Probably not.
Compliance Isn’t Enough
Nearly 40% of leaders are worried about compliance with regulations like NIS2, and 47% have updated their data handling practices. That’s good, I guess. But compliance doesn’t equal security. You can check all the regulatory boxes and still get completely owned by a sophisticated attacker. The real issue is that companies are treating cybersecurity as a compliance exercise rather than building genuine resilience. They’re preparing for audits instead of preparing for actual attacks.
What’s Really Going Wrong Here?
So why are companies so bad at this? It seems like they understand the threat landscape intellectually but can’t translate that into effective action. They’ll spend millions on fancy security tools but won’t invest in training the people who use them. They’ll worry about AI threats but won’t fund AI security. And they’ll completely ignore the human cost until their best people start quitting. At some point, boards need to realize that cybersecurity isn’t just about technology – it’s about people, processes, and culture. And right now, they’re failing on all three fronts.
