Above image: Pictured during the panel discussion at the Cyber Expo Ireland, from left to right are Paul Hearns (Panel MC), Mike Kehoe (IBM), Carmel Somers (Digital Technology Skills), Tony Davitt (Cisco) and Jacqueline Kehoe (Cyber Skills)
Author: Carmel Somers, Digital Technology Skills
Cyber Expo Ireland 2025, held in Dublin, Ireland on May 22nd, brought together thought leaders, practitioners, and educators to explore the future of cybersecurity across sectors. A standout session on cyber resilience moderated by Paul Hearns featured two panellists from the Digital4Security (D4S) consortium – Jacqueline Kehoe from Cyber Skills and Carmel Somers from Digital Technology Skills – together with Tony Davitt from Cisco and Mike Kehoe from IBM. Their message was clear: if you’re still thinking about cybersecurity as a compliance checkbox, you’re already behind.
Moving Beyond Compliance to Real Resilience
A core theme from the panel session was a strategic shift in focus: from a traditional “protection and compliance” approach to one centred on resilience. This pivot acknowledges that, despite best efforts, cyber incidents will occur. What differentiates resilient organisations is their capacity to recover rapidly and effectively – something that requires whole-of-organisation awareness and participation, not just technical readiness.
The panellists highlighted the cultural foundations of cyber resilience. Open, psychologically safe environments – where employees feel confident to report threats, incidents or suspicious activity – are essential. This aligns closely with the D4S vision of embedding security competencies and values across functions and levels.
The Fatal Flaw in Traditional Cybersecurity
Here’s the uncomfortable truth that most organisations refuse to face: you will be breached. It’s not a matter of if, but when. Yet, most cybersecurity strategies are built on the fantasy that perfect protection is possible.
The experts at the Cyber Expo Ireland conference put it bluntly – organisations need to stop playing defence and start building for the inevitable. The companies that survive and thrive aren’t necessarily the ones that never get hit; they’re the ones that bounce back faster and stronger.
The Cultural Revolution Your Organisation Needs
Want to know what separates resilient organisations from sitting ducks? It’s not the latest AI-powered threat detection system (though that helps). It’s culture.
Think about it: when was the last time an employee in your organisation voluntarily reported something suspicious? If your answer is “I’m not sure” or “never,” you have a culture problem, not a technology problem.
Stop Treating Everyone Like IT Specialists
Here’s where most cybersecurity training goes wrong: it treats the CFO the same as the help desk technician.
Your board members don’t need to understand the technical details of SQL injection attacks. But they absolutely need to grasp why cybersecurity budget decisions can make or break the company’s future. Your front-line employees don’t need to become security analysts, but they need to understand why their role matters in the bigger picture.
The message is the same – “cybersecurity is everyone’s responsibility” – but the delivery must be different to resonate with different cohorts.
The Sectors Living on Borrowed Time
If you work in higher education or healthcare, the Dublin experts had particularly sobering news: you’re in the crosshairs. These sectors face a perfect storm of vulnerability – open systems by design, critical services that can’t afford downtime, and often limited cybersecurity resources.
But before financial sector leaders breathe a sigh of relief, remember: being “more mature” doesn’t mean being immune. Criminals don’t discriminate, and yesterday’s advantages can become tomorrow’s blind spots.
Rethinking ROI: Cybersecurity as Digital Insurance
When budget discussions arise, executives inevitably ask: “What’s the ROI on cybersecurity?” It’s the wrong question.
Instead, ask: “What’s the ROI on your building’s fire insurance?” You don’t buy fire insurance expecting to profit from it; you buy it because the alternative is potentially catastrophic.
But here’s the crucial difference: insurance pays out after disaster strikes. Cybersecurity resilience prevents the disaster from becoming catastrophic in the first place. That’s not just ROI – that’s survival.
The Manufacturing Lesson That Changed Everything
The most powerful insight from the Cyber Expo Ireland conference came from an unexpected source: manufacturing quality control.
Decades ago, manufacturers realised that inspecting products at the end of the assembly line wasn’t enough. They had to build quality into every step of the process. The same revolution needs to happen in cybersecurity.
We need to stop thinking about cybersecurity as a perimeter wall and start thinking about it as DNA – something that’s embedded in every cell of the organisation.
The Leadership Challenge
Here’s the bottom line that every executive needs to internalise: cyber resilience isn’t a technology problem – it’s a leadership problem.
Leaders need to stop thinking about cybersecurity as a perimeter wall and start thinking about it as DNA – something that’s embedded in every cell of the organisation.
Remember, technology will always be part of the solution, but it’s never the whole solution. The organisations that will thrive in our increasingly connected world are those where leaders:
- Embrace vulnerability instead of denying it
- Invest in people as much as they invest in tools
- Build resilience into their organisational DNA
- Create cultures where security is everyone’s shared value
What Happens Next?
The cybersecurity landscape isn’t getting easier. Threats are evolving faster than our defences, and the cost of failure keeps rising. But there’s hope in the Dublin conference’s central message: resilience isn’t just about surviving the storm – it’s about becoming stronger because of it.
The question isn’t whether your organisation will face a cyber crisis. The question is whether you’ll be ready to bounce back when it happens.
The time to build that resilience is now. Because when the breach happens – and it will – it’ll be too late to wish you’d started sooner.
Want to transform your organisation’s approach to cybersecurity resilience? The experts from Dublin’s Cyber Expo emphasised that this isn’t a journey you have to take alone. Projects like Digital4Security (D4S) are working across Europe to equip leaders with the frameworks, skills, and the mindset needed to build truly resilient organisations.
