EY report claims 55pc of Irish firms unlikely to detect sophisticated cyberattacks

19 Jan 2017

Broken padlock. Image: Sanit Fuangnakhon/Shutterstock

A new report from EY into organisations’ preparedness for cyberattacks – both common and sophisticated – has shown that greater investment is needed as the number of attacks grows rapidly.

EY’s Global Information Security Survey (GISS) was conducted among 1,735 C-suite leaders and information security and IT executives, 54 of which were based in Ireland.

Most notably from a global perspective, the report has shown that at least 57pc of those surveyed had one or more significant cybersecurity threats during the past year.

Lack of progress

This might appear unsurprising, given that the survey found that over the course of the last two years, the number of such incidents has increased by as much as 30pc.

Focusing on Ireland, EY said that with a smaller pool of executives to work from, the number of organisations to have had a significant attack increased to nearly three-quarters (72pc).

This would indicate an increase of 29pc based on the previous survey in 2014.

Perhaps of greatest worry to some of Ireland’s largest organisations, 55pc of those surveyed said that they believe their organisation is unlikely to detect a sophisticated attack on their business.

This figure remains almost identical to this time two years ago, indicating a worrying lack of progress for organisations in terms of cybersecurity.

Screenshot via EY

Image: EY

When compared with the global figures, 33pc of executives said that their organisations were equally unprepared, marking a noticeable decline on the same figure two years ago (56pc).

For Irish executives, one of the greatest stumbling blocks appears to be funding, with more than two-thirds of respondents saying that up to 50pc more budget was needed to keep their organisation within its risk appetite.

However, this hasn’t stopped Irish firms from realising the financial damage that could accompany a major cyberattack incident.

Growth areas shown little interest

EY found that the adoption of cyber insurance is maturing more rapidly in Ireland than elsewhere, with 39pc of Irish respondents insured to meet their needs – 50pc more than the global average – and a further 20pc actively looking for appropriate cover.

Commenting on the findings, EY Ireland cybersecurity leader Hugh Callaghan said: “Our research shows that while Irish businesses are now more focused than ever on managing cyber risk, they are still playing catch-up with cyber-criminals.

“[They] continue to find ways around organisations’ security controls and exploit their employees’ lack of awareness to steal money and data.”

Interestingly, from a global perspective, areas where the nearly 2,000 executives expect their companies to spend the least on for security are some of the technologies identified as the next major growth areas, including cryptocurrencies, robotic automation, AI and internet of things.

Despite an apparent lack of investment in cybersecurity in Ireland, the country was recently found to have one of the highest demands for cybersecurity roles among 10 major nations, but is struggling to fill these positions.

Colm Gorey was a senior journalist with Silicon Republic