Cybersecurity Shifts from Prevention to Resilience at Zero Day Con 2026 in Dublin

At Zero Day Con 2026 in Dublin, the atmosphere of excitement around AI’s cybersecurity potential was matched by a growing conviction that resilience is now the name of the game. Cyber threats have evolved into something faster, more adaptive and far more sophisticated than many organisations are prepared for. The battlefield is changing in real time. We need to move beyond the illusion of perfect prevention and embrace the reality of cyber resilience.

The primary theme echoing through the Dublin Royal Conference Centre was that Cybersecurity is no longer just about prevention – it’s about resilience.

Zero Day Con 2026 reviewed and key trends

The event brought together leaders operating at the front line of cybersecurity, including representatives from the FBI, NCIS, Microsoft and EasyJet, alongside executive and board leaders, with support from leading cybersecurity vendors such as Smarttech247 and CrowdStrike. Rather than focusing purely on stopping attacks from happening, the conversation migrated towards what organisations do when attacks inevitably occur.

There was broad recognition that every organisation must now assume it will experience some form of cyber breach. Whether motivated by profit, ideology, disruption or geopolitical influence, what matters most is how organisations respond in the critical seconds and minutes immediately afterwards.

What struck me most throughout the day wasn’t just the expertise of the speakers and panels, but the natural flow of the conversations themselves. Discussions moved from AI, to geopolitics, to leadership – in a way that felt reflective of the real world. Technology, geopolitics and people are no longer separate domains; they now exist within an interconnected ecosystem that demands collaborative thinking, resilient systems and adaptive leadership to deal with evolving threats to national, commercial and personal interests.

AI, Infrastructure and Geopolitics Are Converging

A dominant theme throughout the conference was the growing convergence of AI, infrastructure and geopolitics. AI is acting as a force multiplier, accelerating both cyberattacks and cyber defence capabilities simultaneously. Organisations are now operating in what increasingly feels like an AI-driven security race, where attackers and defenders are continuously adapting in real time. At times, it felt as though the line between science fiction and cybersecurity reality is beginning to blur.

Large-scale environments, from naval systems to global supply chains, are becoming increasingly digitised and as a result, increasingly exposed to cyber risk. One example discussed was the concept of the US Navy developing an AI-driven “central nervous system” capable of connecting naval operations, infrastructure and supply chains into a unified, seamless end-to-end monitoring and alert capability. While strategically powerful, such deeply interconnected systems also dramatically expand the attack surface, raising serious questions around resilience, dependency and risk management in highly digitised environments.

Another recurring theme was the increasing focus of nation-state actors on private organisations, not just governments. Attacks are no longer purely financially motivated; many are designed to disrupt operations, coerce influence, test capabilities or achieve strategic geopolitical objectives. The recent Stryker cyberattack in Cork was highlighted as an example of how these threats are becoming more visible at a local level.

The Threat Landscape Is Becoming More Human

While the technical narrative remained strong throughout the day, it was the human impact of cyber incidents that stirred my interest the most.

Joe Tidy, Cyber Correspondent with the BBC, shared the example of a Swedish cyberattack in which highly sensitive psychiatric patient records were stolen and used as leverage for ransom. It served as a stark reminder that cyber incidents are not abstract technical failures, rather they can become deeply personal attacks against individuals at their most vulnerable.

Other speakers highlighted several growing trends:

• Social engineering attacks are becoming increasingly convincing
• Helpdesk manipulation and identity compromise are accelerating through AI-generated impersonation and synthetic media; and
• Insider threats remain among the most difficult and damaging risks for organisations to manage

Basic Cyber Hygiene Is Still Poor

Despite major advances in cybersecurity tooling and capability, it became evident throughout the conference that the fundamentals remain the weakest point for many organisations. From unpatched vulnerabilities to compromised identities, many of today’s most successful attacks still exploit basic security failures. In many cases, organisations simply do not yet have their house in order, leaving the digital equivalent of the front door wide open.

Kathryn Sherman of the FBI discussed Operation Winter SHIELD, an initiative designed to distil the FBI’s ten most impactful actions organisations can take to strengthen resilience against cyber intrusions.

Her message to industry is to:

• Go back to basics
• Understand your attack surface
• Strengthen identity controls; and
• Share threat intelligence more effectively

Before organisations chase the latest technologies, leaders must first ensure the fundamentals are firmly in place. Many successful cyberattacks today occur not because attackers are exceptionally sophisticated, but because gaining access is often relatively easy. Cybercriminals are opportunistic; if they do not need to work hard to access systems or data, they usually won’t. They scan the digital neighbourhood for windows and doors that are left open and increasingly, many organisations are still leaving them unlocked.

Critical Infrastructure and Supply Chain Risk

A panel on critical infrastructure highlighted that organisations should assume their data is already out there. Focus is shifting from containment to resilience.

Key highlights included:

• Fragmented infrastructure creating weak links across the supply chain
• The ability to safely shut down operations during an attack; and
• The increasing targeting of Ireland-based organisations

There was also discussion around future threats such as “harvest now, decrypt later” – whereby data stolen today may eventually be decrypted using future quantum capabilities.

Organisations can no longer think about cybersecurity in isolation. Infrastructure, suppliers, logistics networks, cloud providers and operational technology are now deeply interconnected. A weakness anywhere in that chain can quickly escalate into a broader business risk. Increasingly, the weakest point may not even sit within your own organisation, but somewhere across the wider supply chain. That reality demands a far more holistic approach to cyber resilience – one that considers the entire end-to-end ecosystem, not just the perimeter.

Cybersecurity Moves to the Boardroom

A key takeaway from Caroline Spillane, CEO of the Institute of Directors Ireland, was the growing accountability of Boards and leadership teams. Cybersecurity is no longer something that can simply be delegated, rather it is now a core leadership responsibility.

Caroline emphasised that Boards must:

• Take ownership of cyber risk
• Look ahead, not just at current threats
• Break down technical language; and
• Use real-world scenarios to understand impact

Rather than relying on abstract discussions or technical jargon, boards are encouraged to ground cyber risk in practical examples; understanding and taking ownership for what happens when systems, operations, data or people are compromised.

The Rise of Counterintelligence and Deception

One of the more fascinating discussions during the event came from Joshua Cruse, Deputy Assistant Director Cyber at the Naval Criminal Investigative Service (NCIS), who highlighted how cybersecurity is increasingly drawing from counterintelligence practices traditionally associated with intelligence and defence communities.

Rather than simply blocking attackers, organisations are beginning to adopt more strategic approaches designed to detect, mislead and monitor adversaries.

These approaches include:

• Creating decoy environments to contain intruders
• Using fabricated or tainted data to mislead attackers; and
• Deploying tripwire alerts to detect lateral movement inside networks

The industry is gradually evolving from passive defence towards strategic misdirection. Hackers love solving puzzles and what better way to detect them than by feeding them controlled, misleading or low-value data while monitoring their behaviour in real time?

Joshua also emphasised the growing impact of insider threats, describing them as among the most difficult threats to detect and often among the most damaging when successful. As he noted: “An organisation’s greatest sensor network is its employees.”

That point resonated strongly throughout the conference. Organisations must continuously train and retrain employees and contractors to remain cyber-aware and security-conscious in an environment where human behaviour is increasingly being targeted alongside technology itself.

One example discussed involved an employee allegedly being offered $1 million to insert a malicious USB device into a network environment. The example highlighted an important reality – insider risk is not always driven purely by malice; rather financial pressure and human vulnerability are increasingly playing out in the modern cybersecurity landscape.

Final Thought

What lingered with me most after Zero Day Con 2026 was the sense that cybersecurity is undergoing a profound transformation. It’s no longer confined to the server room or the domain of technical specialists; it now sits at the intersection of AI, geopolitics, infrastructure, leadership and human behaviour. Success is no longer defined by the impossible task of avoiding every attack; rather it’s defined by the creation of systems, cultures and leadership structures capable of responding effectively when disruption inevitably occurs. The real challenge is no longer purely technical; it’s leadership.

In The Art of War, Sun Tzu wrote:

“The supreme art of war is to subdue the enemy without fighting.”

That concept feels increasingly relevant in today’s cyber domain; we are at war and the stakes have reached new heights. The future of cybersecurity will not belong to the organisations with the tallest walls or the strongest perimeter defences; rather it will belong to those capable of anticipating disruption, adapting under pressure and building resilient systems that can withstand chaos.

In an era shaped by AI, deception and constant uncertainty, cyber resilience is no longer just a defensive capability – it’s the defining strategy for survival itself. The digital battlefield is already here. The banners are rising, the armour is being forged, and the next generation of conflict has already begun. The question now is not who can avoid the storm – but who can endure it.

See more breaking stories here .