The Irish cybersecurity sector: An overview
The Irish cybersecurity sector is growing at a rate of over 10 per cent per annum and could, if such growth continues, employ over 17,000 people and create €2.5 billion of gross value added by 2030.
The 489 cybersecurity firms operating in Ireland have 734 offices, according to the State of the Cyber Security Sector in Ireland report, with 73 per cent of these offices in Dublin, Cork, Galway, or Limerick. While Dublin has the most overall offices, Cork and Galway retain the largest number of firms per capita.
The main products offered by cybersecurity firms in Ireland include managed security service provision and advisory services, offered by 36 per cent of firms, securing applications, networks, and cloud environments services, provided by 31 per cent, and risk, compliance, and fraud services, provided by 28 per cent. Threat intelligence, monitoring, detection, and analysis is served by 26 per cent of firms, with operational technology security and connected devices served by 13 per cent and identification, authentication, and access control by 11 per cent.
The cybersecurity sector is an anomaly in the Irish context due to the makeup of the types of businesses that populate the sector. While the Central Statistics Office’s (CSO) Business Demography 2019 found that over 99 per cent of Ireland’s business were SMEs, 44 per cent of the businesses involved in cybersecurity in Ireland are classified as large enterprises, meaning that they have at least 250 employees and €50 million of annual turnover. This is perhaps not surprising given the prevalence of foreign direct investment in the sector, with 71 per cent of employment in the sector supported by FDI, and 28 per cent of firms headquartered in the United States and 55 per cent of employees employed by those firms.
The Department of Enterprise, Trade and Employment’s 2022 report Attracting Tech Talent to Ireland estimated there to be circa 80,000 professionals engaged in technological sectors in Ireland, meaning that the 7,351 engaged in cybersecurity work account for 9.2 per cent of the total technological workforce.
CSO statistics record Ireland’s gross value added (GVA) as €393.788 billion for the year 2021; the €1.1 billion GVA recorded by the cybersecurity sector in the same year means that it accounted for 0.28 per cent of the national GVA. While broad sectoral figures for the year 2021 have yet to be released, the sector in which the CSO places cybersecurity – information and communication – is now the second largest sector in terms of GVA, behind only manufacturing. The information and communication sector accounted for 17.4 per cent of national GVA in 2020 and has recorded steady growth from €18.166 billion in 2013 to €58.574 billion in 2020.
2020 saw the sector record a growth rate of 13.8 per cent in GVA, from €51.472 billion in 2019. If such a level of growth were to have been recorded again in 2021, this would mean a GVA of €67,377,212,000, meaning that cybersecurity’s €1.1 billion would account for 1.63 per cent of total sectoral GVA. GVA per employee stands at €150,000 in Ireland’s cybersecurity sector, comparing favourably to the UK rate of £100,000 (roughly €120,000) per employee.
As part of Cyber Ireland’s State of the Cyber Security Sector in Ireland report, a survey found 83 per cent of businesses expecting to grow their cybersecurity teams in the year 2022, with half of the businesses expecting growth of over 25 per cent. Findings such as this led the report’s authors to conclude that the 10 per cent plus annual growth rate experienced by the sector in recent years is sustainable in the short term to 2030, whereby the sector could have as many as 17,000 employees and €2.5 billion GVA. However, four-in-10 employers attested to a lack of appropriately skilled candidates; 33 per cent noted high competition from other cybersecurity businesses, 22 per cent noted a lack of non-technical skills in the labour pool, and 21 per cent said salaries are unaffordable.
With such growth having been experienced in the sector since 2013, and further growth expected, the enhanced commitments to cybersecurity seen in the wake of the HSE cyberattack will be music to the ears of those invested in the sector, but a significant challenge lies in store with an annual shortfall of people in cybersecurity roles across the broader economy of 10,000 according to ISC2. Research by people such as Leslie Kesselring has pointed to this being a global problem, with skills shortages impacting 70 per cent of businesses. The challenge for the cybersecurity sector is clear; the same can be said of the opportunity.