A third of Irish companies experienced a breach in last year

Pro

3 July 2012

The first annual Irish Information Security and Cybercrime survey, carried out by Deloitte, has found that almost a third (32%) of Irish companies experience and IT security breach in the last year.

The survey also established that the average cost per incident was €41,875, while 42% of respondents admitted to a loss of productivity as a result of cyber-crime attacks.

"Interestingly just 45% of respondents indicated that cybercrime was a priority in terms of risk to the organisation," Colm McDonnell, partner, Enterprise Risk Services, Deloitte. "Given that the survey results show that the average cost of a large cybercrime incident for a business is €41,875 and the business outage that this can cause, we believe more organisations should be giving this a higher priority status. The reality is that Irish organisations have never faced such a myriad of advanced technological threats and attacks on their digital and critical assets. Irish organisations need to ensure that their efforts in this area are aligned sufficiently with other business efforts and risk management practices."

However, McDonnell qualified that average cost per incident figure somewhat by saying that it was on the conservative side. When questioned on the figure, he said that this figure did not include the cost to fix the breach, only the direct impact.

Survey shows that hacking was the most common method used to breach security in organisations, as identified by 38% of respondents, but other common causes of attacks included privilege misuse, physical attacks and malware. Half of all respondents identified employees and their activities as the biggest challenge in information security.

Just 57% of respondents felt that they have an information security programme that functions adequately, with 40% of respondents indicating that security risks are regularly assessed in their organisations and that strong security practices are in place. Encouragingly, just 3% said that they handle incidents in a purely reactive manner. However, just 12% of respondents would describe their organisation as a frontrunner in terms of information security.

Technical threats or attacks (29%) were also identified by respondents as challenges being faced by organisations, which could suggest that employee knowledge of information security and procedures is insufficient, said Deloitte. In fact, the survey said found that only 60% of respondents indicated that users receive regular awareness training. Worryingly, 68% of respondents noted that following internal or external breaches no action was taken. Furthermore, only 4% of incidents led to a successful prosecution.

For more detail on this story see the July/August edition of ComputerScope, available 13 July.

TechCentral Reporters

Read More:


Back to Top ↑

TechCentral.ie