Fears large numbers of businesses are not reporting data breaches

14 Jul 2016

Data breach danger as cyber crime is being underreported by Irish firms

Irish businesses that have been victims of data breaches or have been held to ransom by hackers are not declaring this to the authorities or their customers or suppliers, in effect, spreading the danger, according to new research.

New research by Ward Solutions found that almost half (46pc) of businesses surveyed would not disclose a data security breach, possibly fearing the adverse publicity.

This is a concern when you consider that, only three years ago, some 80,000 customers of SuperValu and Axa’s Leisure Break schemes had their credit card details captured by hackers in a major data breach.

The finding in the research that a third of the businesses surveyed have already suffered a serious data breach in the past year suggests a considerable number of firms have not yet informed the Data Protection Commissioner – as they are legally required to do – or their customers or suppliers.

‘There’s a worrying trend that cybercrime is being under-reported in Ireland’
– PAT LARKIN, WARD SOLUTIONS

Never mind the legal aspect of this, they are in effect spreading the risk to innocent parties.

Two-thirds of businesses that have been held to ransom in Ireland by data thieves have on average paid over less than €1,000.

The survey was carried out among 133 senior IT professionals and decision-makers in Ireland.

“There’s a worrying trend that cybercrime is being under-reported in Ireland,” said Pat Larkin, CEO of Ward Solutions.

“Customers place their trust in the companies they deal with and it is every business’ obligation to be transparent with those customers and inform them of any risk to their data. However, we do expect that more robust compliance obligations will drive reporting levels up in the near future.”

A data breach is one thing, a breach of trust is another

Pat_Larkin_Ward_Solutions

Pat Larkin, CEO, Ward Solutions

The study shows a considerable lack of preparation or understanding of data security by the management of companies.

23pc of firms do not have policies or controls in place for third-party handling of data and 26pc of respondents indicated that their organisation does not have a policy in place to conform to Privacy Shield legislation.

Almost a third of IT decision-makers in Ireland do not believe their boards understand security threats.

If this is indeed the case then the IT leaders need to show leadership and get their boards to wise up before they become headline news.

“Data breaches and ransomware attacks are continuing to grow at pace in Ireland,” Larkin said.

“They often lead to significant brand and financial damage through poor handling of the situation. A data compromise requires a quick, controlled response from the entire business.

“It’s essential that Irish organisations put comprehensive crisis management plans and systems in place to remain protected and ensure survival in the event of an attack,” Larkin said.

Data breach infographic

Mapping the Cybersecurity Landscape - infographic

Data breach image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com