Artificial intelligence is simultaneously creating new opportunities for businesses and exposing them to new threats. Cybercriminals are using the technology to identify vulnerabilities and amplify their attacks, while the pace of artificial intelligence (AI) adoption is outrunning the governance frameworks designed to manage it. The stakes are particularly high for Ireland. The State is host to almost a third of EU data and European headquarters to 16 of the top 20 global technology firms.Cybersecurity is becoming one of the key enablers of economic growth in the digital economy, says Andrea Pfundmeier, senior group product manager, Dropbox. “AI has enormous potential to improve productivity, accelerate decision making and unlock entirely new ways of working. But none of that value can be realised if organisations and customers don’t trust the systems they’re using. “The conversation often focuses on cybersecurity as a cost or a risk management exercise. In reality, good security creates the conditions for innovation. When organisations know their sensitive information is protected, and when governance is built into workflows, they become far more willing to experiment and adopt new technologies.” James Nettesheim, chief information security officer and enterprise technology lead at Bloc James Nettesheim, chief information security officer and enterprise technology lead at Block, says they are seeing AI used across full end-to-end attack life cycles from the attacker side: phishing, data theft, extortion and more advanced attempts. “There are industry-wide trends like deepfakes and fraudulent workers, along with supply-chain attacks such as the recent node package manager – NPM – attacks, though it’s not guaranteed that those are AI-enabled. Attackers are also ‘living off the land’ by using installed AI tools to their advantage.” The bigger shift is that AI agents are different, Nettesheim explains. “AI coding agents break a lot of the traditional security models and expectations. Unlike conventional software, AI agents mix instructions and data in unpredictable ways, can be manipulated through natural language anywhere in their context, operate as ‘mystery boxes’ with opaque decision-making processes, and have failure modes that are difficult to predict or test comprehensively.” To strengthen trust in its digital economy, the single biggest step Ireland can take is to focus on developing digital literacy and skills across the whole population, says Áine Clarke, digital and AI policy executive at Ibec. “Currently, skills shortages significantly hinder the adoption of digital technologies and AI by Irish businesses, particularly among SMEs. “There is also a pressing need to intensify lifelong learning and enterprise ICT [information and communications technology] training; recent data shows Ireland’s lifelong learning participation rate at 14 per cent, which lags behind the EU average of 16 per cent and falls significantly short of the top EU performer at 42 per cent.” Áine Clarke, digital and AI policy executive, Ibec To close this gap and match competition from other digital front-runners, Clarke says Ibec recommends focusing on three key pillars: inclusive literacy, by launching a national AI literacy strategy and introducing AI curricula from primary education upwards; enterprise upskilling, by using employer training vouchers to ensure every SME can access an AI training programme by 2026, and dedicating a portion of the National Training Fund to have a sole focus on digital skills; and lifelong learning, by offering subsidised microcredentials in AI and cybersecurity, delivered locally through libraries and education and training boards. Dani Michaux, EMEA cyber leader, KPMG in Ireland The scale of the challenge is significant. Data from Cyber Ireland, the national cybersecurity cluster, shows that 66 per cent of firms experience skills, recruitment or retention issues, and that an additional 1,000 people per year need to be trained, upskilled or recruited to meet projected industry demand. Without a co-ordinated response across education, enterprise and government, that gap will only widen as AI adoption accelerates. Regulation is turning cybersecurity from a reactive function into a built-in capability, says Dani Michaux, EMEA cyber leader, KPMG in Ireland. “Frameworks like Dora [the Digital Operational Resilience Act] are forcing organisations to integrate cyber, resilience and third-party risk into one operating model, breaking down silos. “The biggest shift is operational: from periodic compliance to continuous resilience. Ongoing testing, real-time monitoring and faster incident reporting mean organisations must operate an ‘always on’ approach.” Over the next three to five years, it will not be one single regulation, but a combination of overlapping frameworks – including the NIS2 [Network and Information Systems 2] directive, the Critical Entities Resilience Directive, the upcoming Cyber Resilience Act (CRA) and the EU AI Act – that will have an impact on Irish organisations, adds Jackie Hennessy, partner, risk consulting, KPMG in Ireland. “Crucially, these regulations do not operate in isolation – together they are reinforcing a more integrated approach to cybersecurity, resilience, governance and accountability across organisations,” she says. AI is introducing new risks, such as an acceleration of frontier AI capabilities, which can exploit poor decision risks, weak governance and adversarial attacks on models and data, says Diarmuid Curtin, EY Ireland cyber consulting partner. “In many cases, the real issue is not just the technology itself, but the absence of effective cyber control, human oversight and accountability around its use. In parallel, we are seeing AI-enabled cyberattacks increase globally, increasingly from state-sponsored actors. “If adversaries fully leverage AI, the attack life cycle could accelerate significantly, where malicious actors move from discovery to engineering to attack execution at much faster speed. Deepfakes, disinformation and hybrid threats are now a feature of modern conflict.” Diarmuid Curtin, EY Ireland cyber consulting partner Cybersecurity is fundamental to safeguarding Ireland’s economic success and its status as a hub for digital and AI investment, says Clarke. “Ireland hosts an estimated 30 per cent of all EU data and serves as the European headquarters for 16 of the top 20 global technology firms. “Our ongoing ability to provide a secure, stable and resilient digital environment is intrinsically linked to our capacity to attract future inward investment and maintain global competitiveness.” With Ireland having assumed the EU presidency on July 1st, its central role in the digital economy increases exposure to cyber disruption – which could potentially affect national reputation, economic stability and EU decision making, Curtin adds. “Strengthening cyber resilience is therefore not just a defensive issue, but essential to Ireland’s global competitiveness.” Trust is the foundation for AI adoption, and regulation will define whether AI can be scaled safely and credibly. In practice, regulation is not a constraint – it’s an enabler, creating the guardrails needed for organisations to innovate confidently while managing cyber and operational risk, says Michaux. “Boards need to treat cybersecurity, resilience and governance as core strategic issues – not just technical detail. This means moving from periodic oversight to continuous, evidence-based monitoring, with clear visibility of control effectiveness. “Practically, this means focusing on integrated governance across cyber, risk and compliance; stronger data and reporting; and building capability at board level to understand emerging risks.” One of Ireland’s strengths is its position within the EU’s established data protection framework, which provides organisations with a clear foundation for managing data responsibly as AI adoption grows, says Pfundmeier. “For organisations building AI products that handle sensitive data at scale, regulatory clarity is increasingly a competitive advantage. Knowing the rules, understanding the obligations and operating within a mature governance environment creates confidence for long-term investment. Andrea Pfundmeier, senior group product manager, Dropbox “As we look forward, organisations are continuing to look for expertise in areas such as cybersecurity, data governance and responsible AI. As AI adoption accelerates, these capabilities remain critical competitive advantages. Businesses want confidence that they can access not only technical talent, but also the skills required to deploy AI responsibly and securely.” The message from across industry is consistent: cybersecurity is no longer a back-office function or a line item on a risk register. As AI accelerates both the pace of innovation and the sophistication of attacks, organisations that treat security as a strategic priority, embedded in governance, resourced at board level and supported by a skilled workforce, will be best placed to compete. For Ireland, with its outsize role in European data and technology, getting this right is not just a business imperative. It is a national one.