Case Studies
Real engagements with real Irish businesses. Every case study below is drawn from our direct experience — the situations are genuine, the work is ours, and the outcomes are verified. We have anonymised the organisations to protect client confidentiality.
Business process mapping for a food manufacturer in scope for NIS2
The Situation
A large food processing company had been designated an 'Important Entity' under NIS2 and needed to understand which of its business processes had IT dependencies — and where single points of failure existed that could halt production.
What We Did
We conducted structured business process mapping workshops across the organisation, identifying critical operational processes and their underlying IT systems. Single points of failure were documented, risk-rated, and a prioritised remediation roadmap was produced to address the most critical gaps before the NIS2 compliance deadline.
The Outcome
The client gained a clear, board-presentable view of its operational technology risk, a defensible compliance artefact for the NCSC, and a sequenced plan to eliminate the highest-risk dependencies without disrupting production.
Related reading
Post-incident response for a Donegal group that lost over €1m to BEC fraud
The Situation
A regional Donegal-based multi-national group of companies suffered a business email compromise (BEC) attack in which fraudsters intercepted and manipulated email communications to redirect a significant payment. The group lost over €1 million before the fraud was detected.
What We Did
We were engaged to lead the post-incident investigation, identify how the compromise occurred, and implement controls to prevent recurrence. This included email authentication hardening (DMARC, DKIM, SPF), payment verification procedure redesign, staff awareness training focused on BEC tactics, and a review of supplier communication channels.
The Outcome
The root cause was identified and closed. New payment controls and verification procedures were embedded across the group. Staff are now trained to recognise the social engineering techniques used in BEC attacks, and the organisation has significantly reduced its exposure to this class of fraud.
Ransomware recovery and backup remediation for a fishing industry firm
The Situation
A fishing industry firm suffered a ransomware attack that took over ten office staff offline for three weeks. Their backups existed but had never been properly tested or validated — meaning the recovery process was far slower and more painful than it needed to be. Approximately two weeks of operational capability was lost, and significant data had to be manually re-captured.
What We Did
We supported the incident response and recovery effort, then conducted a full review of the backup architecture and testing regime. A revised backup strategy was implemented following the 3-2-1-1-0 rule, with scheduled recovery testing built into the operational calendar. Endpoint protection was upgraded and staff received targeted training on ransomware delivery vectors.
The Outcome
The firm recovered and now has a tested, validated backup capability that has been proven to work. Recovery time objectives are documented and rehearsed. The organisation understands precisely what it would take to recover from a future incident — and is confident the answer is days, not weeks.
Third-party risk management programme for a healthcare essential services operator
The Situation
An operator of essential services in the healthcare sector needed to implement a formal third-party risk management programme. The organisation relied on a wide range of suppliers and technology vendors, but had no structured process for assessing the security risk those relationships introduced into its supply chain.
What We Did
We designed and implemented a third-party risk management framework tailored to the organisation's supplier landscape and regulatory obligations. This included a tiered supplier classification model, a risk assessment questionnaire and scoring methodology, contractual security requirements, and an ongoing monitoring process. Key high-risk suppliers were assessed as part of the initial rollout.
The Outcome
The organisation now has a defensible, repeatable process for managing supply chain security risk — a direct NIS2 requirement for essential services operators. High-risk suppliers have been assessed and remediation actions agreed. The programme provides the board with ongoing visibility of third-party risk exposure.
Related reading
Secure guest Wi-Fi implementation for a Donegal hotel
The Situation
A Donegal-based hotel needed to provide reliable, secure Wi-Fi for guests while ensuring that guest devices were completely isolated from the hotel's own business network — including its property management system, payment terminals, and back-office systems.
What We Did
We designed and oversaw the implementation of a segmented network architecture that provides guests with a dedicated, isolated Wi-Fi environment while keeping all business-critical systems on a separate, protected network. The solution included appropriate access controls, captive portal configuration, and documentation of the network design for ongoing management.
The Outcome
Guests now enjoy reliable Wi-Fi access, and the hotel's business systems are fully protected from any activity on the guest network. The hotel has a documented network architecture it can present to insurers and auditors, and the team understands how to maintain the separation going forward.
Related reading
Could Your Business Be Our Next Case Study?
Every engagement starts with a conversation. Book a free 20-minute call and we will give you an honest assessment of where you stand and what you should prioritise first.
