R&D Tax Credit Incentive Supports Ireland’s Growing Cybersecurity Industry

As businesses globally are faced with embracing digitalisation, the rising importance of cyber security requires them to continuously implement threat protection measures.

Ireland’s commitment to cybersecurity innovation

Ireland is a leading technical hub where companies innovate to produce technological advances in their software to protect sensitive business and consumer data. In Budget 2024, the Irish Government demonstrated their commitment to the National Cyber Security Centre with a €10.4 million investment. This demonstrates the importance of digital technologies, our digital networks, and the potential disruption to them. Businesses incur substantial non-commercial expenditure in developing new and innovative security protection measures; however, they are unaware they qualify for relief via the R&D Tax Credit Scheme from Revenue.

Fail to prepare, prepare to fail.

With the landscape of R&D tax relief undergoing substantial changes, it’s crucial that you stay informed and prepared, as these are set to impact how you plan and claim R&D tax credits.

Visiativ is here to help you remain informed and compliant. Let’s dive into the changes and understand their implications for your business.

Benefit from a 25% refund on qualifying R&D expenditures with R&D tax credits

The R&D scheme now rewards businesses with a 25% refund on all eligible R&D expenditure, rising to 30% from 2025. Initially awarded as a tax credit against your corporation tax, businesses can now avail of it as a cash refund. This welcome cash flow allows businesses to continue to invest in the development of innovative technologies and remain competitive in their markets.

Under the R&D tax credit legislation, qualifying R&D activities are defined as those that are systematic and investigative, seek to achieve new knowledge, and involve the resolution of technological challenges. These activities can include the improvement, implementation and/or integration of existing products, processes, or services.

The threats and challenges that force CyberSecurity companies to innovate (i.e. undertake R&D) and the subsequent qualifying activities:

• With the increased use of internet-enabled devices, the vulnerability and risk of being hacked through malware is rising. Shared network access makes it easier for IoT devices to use the same network but makes entire networks much more vulnerable. Unauthorised access and denial of service are two of the biggest cyber threats for IoT devices and have forced cyber security companies to invest in the design and development of new or improved IoT device security protocols.• The complexity of business ecosystems means that there is an increased reliance on partners, 3rd party vendors and technical integration platforms for businesses to run optimally. However, this creates its own risks around security vulnerabilities, data protection and operational efficiency. The development, creation, or enhancement of third-party risk management software allows businesses to navigate the complexities of the technological world with the use of external partners, mitigating the risks that come with it.• The rise of malware, phishing and ransomware sophistication means there are many more ways for cybercriminals to gain access to businesses’ sensitive information. This is becoming increasingly problematic, as we have seen with some of the larger breaches over the past few years, generally forcing organisations to pay large sums to access their data unharmed. One fundamental way to ensure businesses can safeguard this information is through the creation or improvement of encryption methods and techniques.

  • In the past, there has been complacency with personnel verification within organisations. Phishing, the breach of IoT devices and credential threats have driven a new ethos of “never trust, always verify”. The development and improvements of Zero Trust Architecture applications are vital to ensure a proactive approach to protect businesses’ sensitive data.

  • The development of tools for virus/spyware/malware/intrusion detection, traffic analysis and forensics allows businesses to be set up appropriately to mitigate the risk of being breached through such cyber threats. In Ireland, these activities represent the bulk of claims through the R&D Tax Credits initiative.

  • The development of secure cloud storage is essential to ensure data protection from major cybersecurity threats. Encryption shields data from unauthorised access, ensuring confidentiality and regulatory compliance, such as GDPR or HIPAA. Additionally, backups in secure cloud storage offer resilience against data loss, a critical defence against evolving threats like ransomware attacks.

  • Ongoing efforts to improve security protection via penetration testing and/or iterative development may also qualify as valid R&D activities.

R&D Tax Credit claims can include the time engineers and developers spend on these activities (salaries), subcontractors or 3rd party input, a portion of software licences and or any hardware purchased to carry out these activities.

If any of the above applies to your business or you are unsure and would like to avail of a no-obligation complimentary assessment of your eligibility, please get in touch to find out more.