Lack of investment in cyber security leaves many Irish businesses feeling exposed
More than half of Irish cyber security teams (52%) fear they are exposed to a major breach which could be avoided if their businesses invested more in their cyber defences, according to the EY Ireland Global Information Security Survey 2021.
Cyberattacks are increasing in frequency and impact with 90% of Irish businesses saying they have seen a rise in disruptive attacks in the last 12 months compared to 72% globally.
Irish respondents feel more exposed than their global peers due to a shortfall in funding. Globally, 36% of respondents say they are more exposed to a major breach than they would be if their businesses had committed sufficient resources to their cybersecurity defences. In Ireland, the figure was 52%, with 44% stating that their budgets were too low to handle the new challenges which have emerged over the last 12 months.
Carol Murphy, EY Ireland Consulting Partner and Head of Technology Risk, commented: “Cyber attacks are becoming more frequent, more damaging, longer lasting and harder to anticipate. Irish businesses overall express confidence in their ability to manage evolving threats. The majority (60%) say they are confident in understanding and anticipating new strategies used by bad actors, which is encouraging.
“Where improvement can be made is by creating heightened awareness of these threats at board and executive level. There is a tendency for cyber security to get lost on the priority list and this can leave the entire business exposed. With the regulatory burden rapidly increasing, however, boards are beginning to wake up to the threat posed and to the level of resourcing required, and not before time.”
Barriers to Communication
Only 30% of Irish respondents feel that their executive management fully understands the value and needs of the cyber security teams compared to 42% globally.
The survey suggests relationships between the cyber teams and senior leadership within their organisations are underdeveloped. More than two-thirds (68%) of respondents say that their teams are sometimes consulted too late or even not at all when their organisations make strategic decisions.
Carol Murphy concluded: “The GISS survey highlights a number of gaps between Irish businesses and their international counterparts. These are partly due to budgetary constraints but also stem from a lack of internal communication and a perceived disconnect between cyber security and executive teams.
“Given the global public health emergency, it is understandable that allowances have been made in some cases to facilitate rapid implementation of working from home policies. As remote and hybrid working become part of normal working life, however, businesses need to address the resulting security gaps as a matter of urgency.”