National Cyber Risk Assessment

The National Cyber Security Centre has published its 2025 National Cyber Risk Assessment. This is a comprehensive review of the cyber threats, systemic risks, and sectoral vulnerabilities facing the State.

The assessment provides the most detailed national overview to date of Ireland’s cyber risk environment and builds on the foundation laid by the 2022 assessment. It identifies key developments in the national and global cyber threat landscape, including increasingly sophisticated nation-state activity, the accelerating pace of cybercrime, and the growing likelihood of cascading impacts across interconnected sectors such as energy, transport, healthcare, and financial services.

Key findings of the 2025 National Cyber Risk Assessment include:
As technology has advanced and reliance on digitalisation has intensified, the cyber threat landscape has become more complex with an increased risk of incidents, leading to significant cross sectoral impacts.
Taking an all-hazards approach, three key systemic risks have been identified:

the dynamic geopolitical environment,
evolving technology and its implications on security,
supply chain security.

If any or all these risks were to be realised, it could undermine Ireland’s delivery of essential services, disrupt its critical sectors, and erode trust in government, institutions, and organisations.

To mitigate Ireland’s identified risks, five recommendations have been made:

Strengthen visibility and detection – investing systems and structures to enhance national visibility will reduce systemic blind spots and allow the State to be better positioned to anticipate and respond to risks before they escalate.
Implement proactive cyber defence capabilities – reactive responses alone are not sufficient to protect society and the economy from the potential cascading effects of attacks on critical systems. Ireland must enhance its proactive cyber defence posture, disrupting the cyber-attack lifecycle earlier to prevent incidents at scale.
Enhance national resilience – by implementing EU frameworks in full and extending resilience beyond infrastructure to society itself, Ireland will ensure that both services and democratic institutions remain robust in the face of systemic cyber risks.
Secure critical supply chains – the State must strengthen our supply chain through strengthening procurement rules in government, embed security-by-design and risk management practices, and increase visibility of vendor ownership.
Invest in national cyber resilience – investment in people, innovation and our indigenous industrial base will ensure that Ireland has the capacity not just to respond to today’s threats but to anticipate and shape the next generation of resilience measures.

These recommendations provide a framework for the next National Cyber Security Strategy, ensuring that systemic vulnerabilities are reduced and national resilience strengthened.

The 2025 National Cyber Risk Assessment is available here.

A copy of the 2022 Risk Assessment is available on the Department of Justice, Home Affairs and Migration website at the following link: https://www.gov.ie/en/publication/5a871-national-cyber-risk-assessment-2022/