Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Dr Valerie Lyons named a winner at the Most Inspiring Women in Cyber Award

BH Consulting Chief Operations Officer Dr Valerie Lyons was named a winner at the Most Inspiring Women in Cyber Award. She was honoured at a ceremony held at the BT Tower in London where she also spoke as part of a panel discussion. The judging panel chose 21 winners from an original pool of 200 entrants, recognising the winners’ personal achievements, their efforts to close the industry’s gender divide or mentoring the next generation of women in cyber.

Ireland’s cyber confidence gap

Ireland remains the only EU member state not to have fully transposed the NIS2 Directive, having missed the October 2024 deadline. The National Cyber Security Bill, due to be introduced to the Oireachtas in 2026, will change this. Close to 4,000 Irish organisations are expected to fall within scope. The key signal from the bill is that cybersecurity is becoming a board-level legal responsibility where senior officers can face personal liability for breaches resulting from wilful neglect. 

Under Head 28 of the General Scheme, a ‘management board’ must approve and oversee cybersecurity risk management measures. The National Cyber Security Centre has already published draft Risk Management Measures (RMMs) and launched the voluntary Cyber Fundamentals (CyFun) framework, which provides a structured, risk-based path to demonstrating compliance. 

Meanwhile, four out of five Irish workers experienced a cybersecurity incident at work in the past year. In 43 per cent of cases, people experienced multiple incidents, and 13 per cent said a senior executive at their organisation had fallen for a phishing or cyber scam in the previous 12 months. Most workers (87 per cent) expect a big challenge in 2026 will be AI-enabled phishing that’s harder to detect than traditional scams. The figures come from a survey of 1,000 Irish workers carried out for Landmark Technologies, an IT support provider. More than half of respondents believe Ireland will suffer a “catastrophic cybersecurity incident” in 2026. This shock headline featured heavily in media coverage of the survey.

Data protection and privacy roundup: AI annihilates anonymity, and chat control canned

The old joke that “on the internet, no-one knows you’re a dog” can go in the bin. A team of academics successfully developed large language models that can de-anonymise people based on their past digital activity. “Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered,” the researchers say. 

In late March, the European Parliament voted against rules that allowed large tech platforms to scan online for child abuse imagery. The so-called ‘chat control’ bill had been subject to intensive lobbying and negotiation. Critics argued its powers could infringe privacy rights. 

Chartered Accountants Ireland has raised concerns over potential GDPR risks linked to the employer portal being developed under the forthcoming auto-enrolment pension scheme. It warned the Department of Social Protection that the system may require employers to upload and process large volumes of sensitive employee data. Without proper safeguards, this would increase the risk of data breaches and non-compliance. The Department said data protection is being addressed in the system design. 

The European Commission and the European Data Protection Board have published the contributions from a public consultation about the Digital Markets Act and the GDPR. The EC says the responses show strong support for clearer cross-regulatory coordination.

SANS spruces up its security awareness guide

SANS Institute has updated its free ebook for helping security awareness professionals talk to leadership about human risk, and move beyond once-a-year training programmes. The SANS SecurityAwareness & Culture Maturity Model eBook, to give its full title, provides a structured framework for assessing, planning, and evolving a security awareness programme over time. 

It’s intended as a shared way to understand progress, define what good looks like at each stage, and prioritise where to focus next. The ebook breaks maturity into five clear stages and explains the changes that happen as programmes move from foundational efforts to sustained, organisation-wide security culture.

Links we liked

Worth your time: deaf and hard-of-hearing people working in cybersecurity. MORE

Cybercriminals are now compromising networks in just 29 minutes. MORE

A new Google report finds ransomware actors focusing on data extortion. MORE

Victims of invoice scams speak of their shame at being defrauded. MORE

In his own words, WordPress’ creator almost fell for a phishing attempt MORE

Trend Micro looks at how cybercriminals exploit LinkedIn for targeted profiling. MORE

Do certifications have value? A 25-year security leader’s perspective. MORE

Rich Mogull’s CSA blog on the security imbalance that AI creates. MORE

In cybersecurity, the test of readiness is never the audit. MORE

Misconceptions about the Cyber Resilience Act. MORE

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.

Sign up here