It is my pleasure to attend this committee again. This is my third time, but this time I am here in my role as chairperson of Cyber Ireland. Cyber Ireland's raison d'être is collaboration, co-ordination and leadership to develop our sector. We are delighted to be here with this wide and diverse group, a number of whom are Cyber Ireland members. Our common purpose is to articulate and execute a common vision for cybersecurity for Ireland. Cyber Ireland, as an already established and functioning resource, is best placed as the tip of the arrow to help to develop, co-ordinate and lead on this common vision. I will give an overview for members who are not familiar with Cyber Ireland. It is a national cybersecurity cluster organisation and an industry representative body launched in 2019 to bring together industry, academia and the Government to represent the needs of the cybersecurity sector in Ireland and support its growth. The cluster is industry-led, hosted at MTU, and is supported by the Government through the National Cyber Security Centre, NCSC, with funding from the IDA and Enterprise Ireland. We have more than 160 members, of which 50 are multinational companies, 90 are SMEs and indigenous companies, and ten are universities. The NCSC, IDA and Enterprise Ireland are also on our board. Our cluster vision is to be a driving force to support world-class talent, innovation and solutions for Ireland’s cybersecurity cluster. We have four different workstreams we have been working on since we were established: building the community; developing a sustainable talent pipeline; enhancing collaborative research and development; and supporting the growth of the domestic sector and foreign direct investment, FDI. There is further detail on workstreams in our submission but in the interests of time I do not propose to go into them now.
Cybersecurity is a rapidly growing industry internationally, for which there are a number of opportunities and challenges. The market size of the industry is currently $250 billion worldwide and is growing at a compound annual growth rate of 12% per annum. The annual global cost of cybercrime has exceeded $10.5 trillion annually. I apologise that there was a mistake on the original version of the opening statement I submitted yesterday. The correct figure is $10.5 trillion annually. It is the third largest economy in the world and is growing at 15% compound growth. There is 0% unemployment in the cybersecurity sector. In fact, it is estimated that approximately 3.5 million roles are unfilled worldwide and that is forecast to grow to 4.2 million in the next two years. Increasingly, because of the size of the opportunity and the challenge, there is increasing global competition for talent and investment.
I will move on to the risks and challenges for Ireland. Ireland is the data centre of Europe with its multinational presence of social media and cloud-based companies. There is increased cybercriminal activity globally and in Ireland. The economic impacts of cybercrime put our indigenous SME sector at risk and have knock-on effects on our FDI brand. Ireland is a digital leader and security laggard. The European Commission publishes the Digital Economy and Society Index, DESI, which ranks member states according to their level of digitalisation and digital transformation. Ireland is a digital front-runner in Europe, ranking fifth of the 27 EU member states in the 2022 edition. However, a similar cybersecurity industry index benchmarks Ireland as a laggard internationally. The International Telecommunication Union's global cybersecurity index, GCI, measures the commitment of countries to cybersecurity at a global level. In the 2020 version of the GCI, Ireland ranked 46th globally and 28th of 36 European regions. We have significant strengths with respect to cybersecurity. We have a significant base of international technology and security companies. According to Cyber Ireland's report, the inaugural State of the Cyber Security Sector, which was published in 2022 and mapped the size and make-up of the cybersecurity sector for the first time, six out of the top ten software security companies are based here; 160 pure-play cybersecurity companies and 300 companies with cyberoperations are located in Ireland; the sector employs 7,500 people, with revenues in excess of €2 billion per annum; and it currently contributes approximately €1.1 billion in gross value added, GVA, to the economy. We have a strong talent pool, a highly skilled multilingual workforce and talent development programmes in which Cyber Ireland is participating and contributing. We are a digital leader, attracting FDI, and we host much of the EU’s data. Dublin is Europe's largest data hosting market.
Ireland is uniquely placed to benefit from increased global investment. It has an opportunity to position itself as a global leader for cybersecurity talent, innovation and investment. Cyber Ireland aims to facilitate the cybersecurity ecosystem to capitalise upon this opportunity. The report highlights the potential growth of the sector to 2030 to support 17,000 jobs and €2 billion in GVA.
Cyber Ireland published a position paper, Achieving Our Cyber Potential 2030, in addition to our market survey, with recommendations on how to realise our cyberpotential and growth targets by addressing key challenges and calling for a collaborative approach from stakeholders across industry, academia and government. The challenges are that we need to have better Government co-ordination on cybersecurity across Departments led by the NCSC; to scale and mature the indigenous cybersecurity sector; to address the cybersecurity skills shortages in industry and the public sector; and to address the fragmented and under-supported research and development landscape, and the low level of collaborative security research and development between industry and academia in Ireland.
What are our suggestions? A mature and diverse cybersecurity industry will play a significant role in supporting Ireland’s national cyber-resilience. This has been demonstrated internationally across leading cybersecurity nations that have supported and developed strong cybersecurity industry sectors, such as the United States of America, the United Kingdom, Australia, Netherlands and Israel.
A whole-of-government approach is required to ensure that Ireland improves its cybersecurity commitment and delivers on the national cybersecurity strategy vision of a society that can continue to safely enjoy the benefits of the digital revolution and play a full part in shaping the future of the Internet. This highlights the need for better co-ordination in Government regarding cybersecurity. This should be led by the NCSC within the Department of Communications, with buy-in from the Departments of Further and Higher Education, Research, Innovation and Skills; Enterprise, Trade and Employment; Public Expenditure, National Development Delivery Plan and Reform; Justice; and Defence, and relevant agencies including, among others, Science Foundation Ireland, SFI; Enterprise Ireland; IDA Ireland; An Garda Síochána; the Defence Forces; and the Office of Government Procurement.
To address current challenges, support co-ordination and ensure future cyber resilience, Ireland should invest in a cybersecurity campus that would bring together the key stakeholders across Government, industry and academia to contribute to our national cyber resilience under one branded entity. The campus would provide a centre of gravity for cybersecurity in the State, co-ordinating government Departments and agencies across the NCSC, An Garda Síochána and the Defence Forces, supporting enterprise development, from start-ups to SMEs to multinationals, providing training and enhancing technological innovation in most likely some form of hub-and-spoke model. It should also engage with the public, supporting cybersecurity awareness and education and strengthening a digital society. International examples already exist, such as the French Campus Cyber, The Hague Security Delta, the Netherlands' National Cyber Security Centre, Sweden's RISE Centre for Cybersecurity, and the Centre for Secure Information Technology, CSIT, in Belfast, the UK's innovation and knowledge centre for information technology.
A minimum investment of €40 million a year would be required for a cybersecurity campus in order to ensure that the gap between Ireland's digital index and cybersecurity preparedness is addressed. To ensure that Ireland maintains its competitive advantage as a safe place for doing business and to establish national trust needed for future inward investment, greater investment of up to €80 million per year is required. We need to train up 10,000 new professionals with cybersecurity skills to create a sustainable pipeline of talent for the private and public sectors. Funding for a national cyber education and career programme for young people between the ages of 11 and 18 is also required.
We need to deliver a cybersecurity baseline certification for all companies in Ireland, for example, Cyber Essentials or CI4, which Cyber Ireland has been working on, and a requirement for companies supplying public sector bodies. There are three goals. The first is improved cybersecurity protection to support all organisations to mitigate their cybersecurity risks, with the priority that it is an effective means for SMEs to protect themselves. The second is to demonstrate supply chain security to be an effective tool for large organisations and the Government to help manage third-party cybersecurity risks. The third goal is to reduce cyber insurance premiums, which are increasingly problematic, through a certified cybersecurity baseline.
Cybersecurity should be designated as one of five national clusters under the Department of Enterprise, Trade and Employment’s national clustering programme by 2025. We need to ensure that cybersecurity is incorporated into strategic Government funding mechanisms to support our cyber ambition, such as Enterprise Ireland, enterprise supports, PEACEPLUS, which is a €1.1 billion programme, and SFI's research centre programme. European funding should also be increasingly targeted.
Investing in cybersecurity is unique among national security spending. If we can move our national cybersecurity capabilities to European and global leadership status, we will secure our digital economy, our digital society and our citizens. In doing so we will project Ireland as a leader in cybersecurity practice and innovation, with a very real opportunity to generate five to ten times order of magnitude return on this national investment.