Speech
Micheál Martin  ·  2026-07-07 00:00

NCSC Launches Cyber Governance Guidance for Management Boards in NIS2 Organisations

From:Department of Justice, Home Affairs and Migration

The National Cyber Security Centre (NCSC) has today publishedGuidance on Cyber Governance for Management Board Members in NIS2 Entities.

The guidance is designed to help Accounting Officers and Management Board members, including CEOs, Managing Directors, CIOs and CISOs, understand and meet their cybersecurity responsibilities under the NIS2 Directive.

At the centre of the guidance is the Cyber Fundamentals Framework (CyFun), the NCSC’s preferred risk-based framework for helping organisations put their legal obligations into practice.

The introduction of the NIS2 Directive represents a landmark shift in the legislative landscape, assigning accountability for cybersecurity risk management to the highest level of executive management.

To support organisations, the NCSC recommends the CyFun framework as the preferred national approach to meeting these requirements. CyFun provides a practical, structured way for organisations to strengthen their cybersecurity and demonstrate compliance with NIS2. It encourages organisations to move beyond simply meeting regulatory requirements and towards managing cyber risk as part of good governance.

Together, the guidance and the CyFun framework give boards a clear and practical roadmap for managing cyber risk. They help board members understand the right questions to ask, identify and manage supply chain risks, and build a culture where cybersecurity risk is considered across the organisation. The guidance is designed so that boards can oversee cybersecurity effectively without needing detailed technical knowledge.

The Minister for Justice, Home Affairs and Migration Jim O’Callaghan:

“Cybersecurity has evolved far beyond a technical challenge handled in server rooms; it is now a fundamental boardroom priority. Ireland’s economic prosperity and social wellbeing are inextricably linked to the strength of our digital infrastructure. Recognising this, NIS2 requires accountability at the highest level of executive management for ensuring the smooth running of essential economic and societal services.

“By strengthening your organisation’s defences through this guidance and the CyFun framework, you are doing more than meeting regulatory obligations, you are protecting your business/public service and reinforcing public trust in our digital infrastructure. Your leadership at the board level is the foundation upon which we will build a safe, resilient, and trusted digital Ireland.”