By Mick Moran, CEO, Irish Internet Hotline
Child Sexual Abuse Material (CSAM) isn’t only a matter for the criminal justice system. It’s a very real cybersecurity threat, and one that enterprise risk and security leaders can’t afford to overlook. At a time when organisations are already stretched dealing with insider risks, espionage, and reputational pressures, CSAM introduces a serious vulnerability that can undermine systems, staff wellbeing, and public confidence.
Why CSAM Belongs in Your Threat Model
CSAM files often look like ordinary .jpg or .mov formats, yet their presence on corporate networks can quickly escalate into legal, ethical, and operational trouble. Whether they appear through malicious activity or through an insider’s behaviour, these files can be used for blackmail, coercion, or kompromat. Mishandling them brings heavy reputational fallout and potentially severe legal repercussions.
Legal Exposure
Irish legislation is direct and uncompromising: deleting CSAM without reporting it is a criminal offence. Under the Child Trafficking and Pornography Act 1998, corporate officers can even be held personally responsible. The Criminal Justice (Withholding of Information on Offences Against Children and Vulnerable Persons) Act 2012 applies to everyone, not just professionals. This isn’t a matter for HR to sort out quietly. It is a prosecutable crime. That said, if staff are trained properly and clear procedures are in place, there’s no risk to anyone acting responsibly and in good faith during an incident.
Staff Welfare
Teams in IT, HR, or compliance can encounter CSAM during investigations or incident response, and the psychological impact can be significant. Organisations need trauma-aware processes, minimal exposure through automation, and proper support structures. Training is essential so staff know how to respond to these situations ethically, safely, and legally.
Compliance and Due Diligence
Standards such as NIST, ISO/IEC 27001, and the NIS2 Directive all require internal threat detection and incident response. Bringing CSAM into your threat model strengthens your compliance posture and shows that your organisation is exercising due diligence. If you sit within the supply chain of an “Essential or Important Entity” under NIS2, treating CSAM as a cyberthreat isn’t optional.
Forensics and Evidence Preservation
CSAM is criminal evidence. Deleting or altering it can obstruct investigations and may prevent the identification of victims or offenders. Metadata, access logs, and proper evidence-handling steps matter. Companies need to preserve material correctly and work with law enforcement to protect children and support prosecutions.
Ethical and Reputational Risk
As with data breaches, the public tends to judge organisations not for experiencing an incident, but for how they respond to it. Attempts to conceal CSAM incidents or handle them in an unethical manner can inflict lasting reputational damage. Lawful reporting, transparency, and ethical handling must be standard practice.
The Irish Internet Hotline (IIH) assists members by:
• Developing tailored CSAM policies
• Training teams across departments
• Providing hash sets and domain lists
• Supporting incident response and forensic coordination
• Conducting post-incident reviews and policy updates
We offer discreet, expert support, including liaison with law enforcement and guidance on hash signature selection and detection tools.
In conclusion,
CSAM is a cybersecurity threat, full stop. CISOs and Risk Officers need to treat it with the same seriousness as any other high-impact risk. The dangers are real, the legal requirements are unambiguous, and help is available. Building safer, more resilient digital environments begins with confronting the threats that too often go unnoticed.