Technology has become integral not only to the operation of most companies, but also to the delivery of services to citizens and the management of critical infrastructure and services that allow our society to function.
Additionally, Ireland has become a global technology hub, and as the European headquarters to more technology companies than other EU member states, an increasingly higher profile target from a cybercrime perspective.
Crimes committed through digital channels, or cyber crime has become an growing problem for Irish businesses and public bodies.
A cyber-attack can be one of the most complicated and challenging issues that an organisation faces and preventing or mitigating the risk of these cyber crimes such as denial of service attacks, ransom ware, distribution of malware, targeted phishing and the theft of personal information requires an increasingly effective control environment and set of solutions – technical and non-technical. As threats become more sophisticated, traditional security measures are proving inadequate.
The NIS directive is the EU’s response to this developing cyber security environment. The NIS Directive was the first piece of EU-wide legislation on cybersecurity. It aimed to bring cybersecurity capabilities at the same level of development in all the EU Member States and ensure that exchanges of information and cooperation are efficient, including at cross-border level.
The NIS2 will further enhance the work started in the NIS Directive in building a high common level of cybersecurity across the European Union. It places obligations on Member States and individual organisations/ companies in critical sectors.
The NIS2 aims to strengthen cyber resilience by focusing on the following key objectives:
The NIS2 distinguishes between "essential" and "important" entities. In principle, this distinction is based on the size of the entity and the service provided.
The National Cyber Security Centre (NCSC) has been designated as the main competent authority, with a further 7 public sector bodies designated at sectoral competent authorities in The National Cyber Security Bill 2024 Heads of Bill.
We have been providing cyber security services for over 20 years in Ireland and have conducted cyber security audits and compliance reviews on behalf of some of the largest organisations in Ireland across a range of sectors including financial services and publicly funded organisations including central government.
In addition we have been conducting NIS audits of operators of essential services (OES’s) under the NIS on behalf of the NCSC since 2020.
We have also been conducting compliance reviews, risk assessment and cyber security audits for those organisations required to compliance with the Cyber Security Baseline Standards since 2021.
We do not implement, support or design cyber security strategies, solutions or products and as such our services are truly independent. These services include:
Consulting partner Liam McKenna and director David O’Sullivan contributed to an Irish Times special report on Gen AI and its use within the Irish workforce. They talked about the risks and responsibilities and the role of strong governance combined with a clear strategy. The following is a summary of their points.
On 11 July 2025, the European Banking Authority (EBA) published a Final Q&A (2024_7043) addressing the scope of the K-NPR (Net Position Risk) calculation for foreign exchange and commodity risk under the Investment Firms Regulation (IFR).
The European Accessibility Act (EAA), Directive (EU) 2019/882, came into full effect on 28 June 2025. Below, we outline what it means, which businesses are affected, and what actions are required to comply
Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisations culture, Forvis Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.
The general data protection regulation (GDPR) provides for two crucial concepts for future project planning: Data Protection by Design and Data Protection by Default (DPbDD). While long recommended as good practice, both principles are enshrined in law under Article 25 of the GDPR. Our expert team can guide you though the approach and process of building privacy by design into your products, services...
End of the era of technology self regulation
Assure your customers through independent third-party assurance reports SOC 1, SOC 2 & ISAE 3402 and ensure your internal controls align with industry benchmarks and customer demands.
Forvis Mazars supports you in achieving and maintaining data protection and privacy compliance
Forvis Mazars provides outsourced data protection officer (DPO) services to organisations that do not wish to directly employ a DPO
Satisfying subject access requests can require a very significant amount of time and effort. Gathering the data, filtering out the irrelevant records, making decisions on what is necessary to include and redacting information appropriately can turn one SAR into a project in its own right.
Forvis Mazars DPIA methodology has been developed using years of experience, ensuring that risks are identified and mitigated in line with business needs while keeping a focus on individuals.
Forvis Mazars has partnered with Europrivacy to provide companies with General Data Protection Regulation (GDPR) compliance certifications. This is the first GDPR certification to be created since the launch of the GDPR four years ago, and has been authorised by the European Data Protection Board (EDPB). This certification positions companies as front-runners in data protection with a strong competitive...
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.