Irish organisations are at increasing risk of cyberattack, while also suffering from poor user awareness and lack of budget.
These are some key findings from the latest Global Information Security Survey by EY, including Ireland. The survey included some 1,700 c-suite leaders and information security and technology professionals, with 54 Irish respondents.
The survey found that almost three quarters (72%) of Irish organisations had experienced a significant cybersecurity incident, compared with 57% globally. This represents a 29% increase in Irish organisations reporting incidents over 2014.
More than half (55%) of Irish respondents believed their organisation was unlikely to detect a sophisticated attack on the business, a figure, the survey says, which has remained more or less unchanged over the past two years. By contrast, only a third (33%) of executives globally say the same today, a significant drop from 56% two years ago.
Incident handling
Not only are Irish businesses therefore vulnerable, says the survey report, many are not fully prepared for dealing with an incident. It found that while an encouraging 68% have an incident response plan including root cause analysis, 42% have no communications response strategy for a significant cyberattack involving data compromise, and 15% stated that they had no breach detection capability whatsoever.
Furthermore, more than two out of three respondents, both in Ireland and globally, said that up to 50% more budget was needed to keep their organisation within its risk appetite, highlighting, says the survey report, a requirement for increased funding within organisations to mitigate against growing cyberthreats.
Irish organisations are, however, on the right trajectory, the report asserts, with security budgets continuing to rise. Almost two thirds (65%) of executives surveyed reporting that said their organisation’s information security budget had increased in the past 12 months. The research also found that the adoption of cyber-insurance is maturing more rapidly in Ireland than elsewhere, with nearly two in five (39%) Irish respondents already having cyber-insurance that meets their needs, 50% more than the global average, and a further one in five (20%) actively looking for appropriate cover.
“Our research shows that while Irish businesses are now more focussed than ever on managing cyber-risk,” said Hugh Callaghan, cyber security leader, EY Ireland, “they are still playing catch-up with cyber criminals, who continue to find ways around organisations’ security controls and exploit their employees’ lack of awareness to steal money and data.”
“As advisors to clients across Ireland and internationally, we are also seeing an increase in cyberattacks that not only steal data but also destroy it. Indeed, there is a real threat of a significant cybersecurity incident putting an unprepared organisation out of business for good, so there is an onus on companies to protect themselves by stepping up their focus and investment in tackling this threat,” said Callaghan.
Knowledge and awareness
The survey also found that knowledge and awareness were poor at all levels, with 50% of executives surveyed saying their boards had insufficient knowledge of information security to fully evaluate the risks faced by the organisation, and the measures it is taking. This does however, mirror the global position.
It is small wonder, says the report, that only one in five (20%) organisations fully consider cybersecurity implications in their business strategy and plans, but at least 44% are planning a more thorough consideration.
Employee awareness too was exposed as a significant vulnerability for Irish companies when it comes to dealing with cyberattacks. According to the survey, careless or unaware employees (36%) topped the list of factors increasing an organisation’s risk exposure.
Compounding this, says the survey report, poor employee awareness and behaviour was perceived by the vast majority (85%) of executives as the biggest risk in relation to the increased use of mobile devices in the organisation, with a further 39% stating that it was the leading cause of the most significant cyberbreach experienced by their company in the past 12 months.
It is therefore no surprise, the report asserts, that security awareness topped the list of priorities for both Irish and global organisations in the next 12 months, with three in four (75%) executives ranking it as their highest priority.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers