€300,000 salary ‘key to hiring best-in-class talent for cyber security role’ 

The annual salary for the director of the National Cyber Security Centre (NCSC) should be close to €300,000, an IT recruitment expert has said.

The critical role is currently vacant, with the Government unable to fill it due in part to the salary on offer, reported to be around €89,000.

An Oireachtas Committee on cyber security  heard yesterday that this figure should be tripled, while Ireland should also increase its cyber budget of €5m tenfold.

Bláthnaid Carolan, a cyber security recruitment specialist, told the committee the remuneration must be competitive and in line with private sector salaries.

She said the director of the NCSC should receive between €220,000 and €290,000 a year, plus bonuses.

This, she said, should include benefits of between €150,000 and €200,000, long-term incentives and stock options.

Ms Carolan told the Joint Oireachtas Committee on Transport and Communications that the role demanded the “best in class”.

“Everything hinges on getting this hire right to ensure a sustainable and secure success of the National Cyber Security Centre,” she said.

A spokesman for the Department of Transport, Climate and Communications said a capacity review of the NCSC was being undertaken by an expert global consultancy that would inform decisions on future resources.

The committee was also briefed by international cyber experts on the security of Ireland’s IT network. Pat Larkin, CEO of Ward Solutions, said cyber security had emerged as one of the top three risks on global, national and corporate scales along with climate change and global pandemics.

He said this had led cyber crime, worth €6trn annually, to overtake the global illicit drugs trade.

Mr Larkin, a former member of the Defence Forces, said Ireland should spend 10 times the current €5m budget allocated to cyber security.

He said there was no clear reason why the HSE was targeted and that, like other hacked health services, was just another vulnerable victim.

Mr Larkin said the cyber attack should act as a “wake-up call” and there needed to be a change of mindset on cyber crime and national security.

In 56pc of ransomware cases, he said, money was handed over to the hackers.

US-based security expert Padraic O’Reilly said he agreed with the health services decision not to pay the criminals.

Mr O’Reilly, co-founder of Cybersaint, told the committee that if organisations started paying sums to the hackers, they effectively become their research and development department.

Gardaí are continuing their criminal investigation into the HSE cyber attack.

They said that, while it cannot be confirmed with any certainty, it was probable that personal records were leaked, as is a feature of these attacks.

The gang involved had warned it would begin publishing stolen data on Monday if a ransom was not paid.

However, no large-scale dump of data from the HSE servers has yet been discovered on the dark web.

Gardaí are aware of phishing scams and advise people not to engage with callers, but to contact their local garda station if they think they are a victim of cyber crime.