Former GCHQ director says Cork becoming a global cyber security hub in $11 trillion 'arms race'
Robert Hannigan, BlueVoyant International chair with, Michael Conley, BlueVoyant chief revenue officer, Cork Lord Mayor Cllr Dan Boyle, the Lord Mayor of Cork, Holly Steele, BlueVoyant senior vice president UK and EMEA, and Ger Kirby, BlueVoyant SOC manager, UK and EMEA, Councillor Dan Boyle, the Lord Mayor of Cork, with a plaque to officially open BlueVoyant's Security Operations Centre (SOC) in Cork.
The former head of Britain’s intelligence and surveillance agency GCHQ believes Cork is becoming a global centre for cyber security after his company opened a new security operations centre in the city.
Robert Hannigan was director of GCHQ from 2014 to 2017, and was responsible for the creation of the UK’s National Cyber Security Centre. He also worked as the British prime minister’s security advisor, while previously he was in the Northern Ireland Office, working under Tony Blair in discussions around the Good Friday Agreement.
These days, Mr Hannigan is working in private industry with BlueVoyant, a US cybersecurity company which has opened a new EU security operations centre (SOC) at Horgan’s Quay in Cork city. The team at Horgan’s Quay is led by Ger Kirby, an Irish Defence Forces veteran and former member of the Army’s Ranger wing. More than €1m has already been invested at the new SOC which will also become their EU customer centre to showcase their services. BlueVoyant in Cork has begun operations with six analysts onsite and plans to increase to 15 over the coming weeks.
Mr Hannigan, who is chairman of BlueVoyant International and responsible for business for Europe, the Middle East, and Asia. He believes Cork is primed to become a centre for cyber security worldwide.
“The way the industry works, when you get a couple of players, then you get that talent pipeline, you get people moving around, you get customers visiting Cork. So it's starting to happen already (Cork) as a centre for the industry,” he told the Irish Examiner.
Trellix – formed from the merger of FireEye and McAfee Enterprise – is long established in the region, while other firms in the sector Forcepoint, Proofpoint, Sophos, Dope Security, Malwarebytes all have a significant presence in Cork. Last May, PwC Ireland opened its Cyber Managed Services Centre at One Albert Quay, while Cyber Ireland is a national cyber security cluster organisation representing industry, academia, and government, based at Munster Technical University. MTU is hosting a Cybersecurity Careers Fairon March 5, and UCC and MTU now offer masters and undergraduate degrees focusing on cyber security, feeding into an industry facing a critical talent shortage, with the global cost of cyber crime projected to reach $11 trillion in 2026.
“BlueVoyant was really confident about the future of investing in Ireland, and the main reason was talen coming through As a high growth company we look at what things will be we like in five or 10 years time, in the threat and our response to it. So we want to build those relationships with colleges and universities. We see here in Cork, the amazing buildings going on, but the ecosystem of companies - Apple across the road, and many others, and that allows us to have a pool of talent who can move between companies, learn and develop.Connectivity is fantastic. We will bring companies from all over the EU here to see the SOC and to talk about our services. So it's really important that we can reach Cork so easily from all over the EU. And that's a wonderful benefit of your connections.”
Given the scale of industry – Cyber Ireland estimated the worldwide spend on cybersecurity in 2023 at $248bn (€238bn) – Mr Hannigan said there is a “fantastic opportunity” for Ireland to capitalise.
“The number of vacancies in cyber security is phenomenal across the Western world. In the US, in the UK, there just aren’t that many people coming out of the education system doing this. As we improve automation, more and more AI will be built in but we’ll still need people and it’s a great opportunity for Cork to specialise in cyber security.”
BlueVoyant was named Microsoft's global cyber defence platform security partner of the year in 2014, and the company had a soft opening in September 2024, with operations beginning at Horgans Quay under Ger Kirby, the company’s head of security operations for the EMEA region. The Corkman moved from a career in the military to the technology sector.
“I spent 22 years in the military and the Irish Defence Forces,” explains Mr Kirby. “In my time there, I worked in various roles across supply chain, HR; I worked in infantry units at a high level, I worked in the Army Rangers for another stint of my career, and then worked in cyber security also as Microsoft consultant.” He says that cybersecurity is growing and evolving in every industry, regardless of the organisation and its size.
“There's multiple attack vectors and threats that emerge - artificial intelligence, deep fakes; we have so many moving parts. Ransomware can be more accelerated, with ‘ransomware as a service’ , which can be provided on the dark web. In addition, you would have an awful lot of risk around supply chain and third party risk management, where a threat actor will gain entry to maybe a particular software associated with many organizations, and it's a gateway into their environment.”
Many of the staff who started with BlueVoyant in 2017 have emerged from roles in military or in security organisations in the US, like the NSA and FBI. Mr Hannigan was a career civil servant in Britain, but work and personal life meant Ireland has played an intrinsic part in his personal and working life. His wife is from Wexford, and in the 1990s the family lived in Belfast as he was based in the Northern Ireland Office.
“I worked from the Good Friday Agreement and onward, I guess, for about 10 years, which was very satisfying," he said. “I was a civil servant. I'm not political. I had great relationships with my civil service colleagues in the Department of Foreign Affairs especially, some amazing and talented people, and in Irish law enforcement.” He worked for Gordon Brown – becoming the prime minister’s security advisor - David Cameron, and Theresa May and became head of GCHQ, from 2014 to 2017.
GCHQ's remit is huge - famously it was responsible for cracking the Enigma code during the Second World War. More infamously, whistleblower Edward Snowden revealed in 2013 that GCHQ had been tapping fibre-optic cables that carry global communications.
That was before Mr Hannigan's tenure but one area where Mr Hannigan's legacy is clear from his time as director is his creation of the UK National Cyber Security Centre “under the governance of GCHQ, but a separate organization that works with industry, essentially a sister organization”.
He notes Ireland now has National Cyber Security Centre (NCSC) under the Department of the Environment, Climate and Communications with a very similar remit to the UK operation, and says it’s crucial to raise cybersecurity standards, especially for the public sector.
“Awareness of cybersecurity is 1,000 times better than when I started the UK National Cyber Security Centre 15 years ago. When I went into a boardroom in the UK government, it was quite difficult to get people to focus on this, they would see it as an IT department problem. Now everybody was focused on it, because every day we were reporting the latest breach. So every board gets it. That’s a huge change.
“Awareness is much much better than it was. But the problem is, the threat is also kind of arms race. So the people that you're dealing with are constantly developing their tactics, using improving their social engineering, improving their fraud techniques. It's a constant race. Even though I think we've got better in public and private sector by hundreds of times, the threat is still there.”
