Cyber security

When I worked in GOAL we had a thing called ‘kidnap and ransom’ insurance. K&R operated like any other insurance product although nobody ever admitted to paying a ransom to secure the return of a kidnapped employee.

When word got out that the Italian government had paid a substantial ransom to a terrorist group, many other Italians started getting picked up by opportunist terror groups.

Criminal gangs these days don’t have to leave their house to secure a ransom from some poor unfortunate company or state enterprise.

All they need to do is find a poorly defended computer network, plant the ransomware and then wait for the payment.

For Irish businesses, it’s much cheaper to pay a ransom than to put the systems in place to prevent an attack. So there are leaks and vulnerabilities everywhere. On average, repair costs around €100,000 while prevention costs €2m per annum for the larger entities - a no-brainer.

On Tuesday morning, I flew out to Athens to take part in a delegation visit to the HQ of ENISA, the EU’s cybersecurity agency. The delegation was led by MEP Raphaël Glucksmann (front left in the photo), a best-selling author and founder of Place Publique, a small French political party.

A typically urbane Estonian is in charge of ENISA and walked us through some of the serious problems that are common across the EU. Cybersecurity became a prominent issue in Ireland when the HSE suffered a ransomware attack in May. The cost of putting things back to where they had been may come to as much as a shocking €100M.

It is reported that the ransom demand was €20M.

More important than the financial cost was the cancellation of patients’ appointments and, at the very least, the endangerment of life. It is highly likely that lives were lost as a result and that at least a manslaughter charge would stand up if the perpetrators were caught. Think also of some extremely sensitive data that could be accessed and distributed on the dark web. Most of us would be scandalised to think that our health records were open for public scrutiny.

Across Europe, there is a pandemic of ransomware attacks. The targets include cloud platforms, data centres, health facilities and financial companies. In 2020 there was a 72% increase in ransomware attacks, as more and more businesses went online.

Going back to my GOAL analogy, someone must be paying ransoms. It is not illegal to pay a ransom and there is an argument that to make it illegal would be to punish the victim. This is a sentiment I agree with. Would anyone hesitate to pay a ransom if someone dear to them was being held hostage?

According to the briefing in Athens, the HSE response was textbook. It didn’t strictly qualify as something that came within ENISA’s remit as there was only a very limited cross-border element.

Nevertheless, there are significant lessons to be learnt. Many HSE computers are operating on the Windows 7 platform. This would be like leaving the front door open when you go on your summer holidays or voting Labour - not very sensible.

The EU is coming to the rescue, after a fashion. NIS2 is something you will only have heard of if you are incredibly interested in cybersecurity. But it is the second version of an already existing EU law on Network and Information Systems (NIS) and is due to become law next year. Very briefly, it places a much greater burden on a much larger number of EU businesses and entities to be cyber safe. Now you know.

This will never be a huge election issue but if Ireland aspires to be a leader in the transition to a digital economy, then we would be well advised to up our game very urgently.
