In a survey of Irish security professionals, many said they feel underfunded and ignored by their organisations’ senior management.
More than half (52pc) of Irish cybersecurity teams feel they are exposed to a major breach that could be avoided with more investment, according to a new report from EY.
EY’s Global Information Security Survey (GISS) 2021 spoke to 1,430 senior cybersecurity executives, including 50 in Ireland. Of these, 90pc said they had seen an increase in attacks in the last 12 months, compared to 72pc globally.
Many Irish security professionals felt that their companies were not taking the issue seriously enough. Less than a third (30pc) said they felt senior management fully understands the value and needs of cybersecurity teams, compared to 42pc worldwide.
‘There is a tendency for cybersecurity to get lost on the priority list and this can leave the entire business exposed’
– CAROL MURPHY
Additionally, more than two-thirds (68pc) said that cybersecurity teams were consulted too late or not at all when executive leadership made strategic decisions, while 44pc said their budgets were too low to handle new challenges that have emerged over the past year.
Carol Murphy, consulting partner and head of technology risk at EY Ireland, commented: “Where improvement can be made is by creating heightened awareness of these threats at board and executive level. There is a tendency for cybersecurity to get lost on the priority list and this can leave the entire business exposed.
“With the regulatory burden rapidly increasing, however, boards are beginning to wake up to the threat posed and to the level of resourcing required, and not before time.”
There were some areas in which Irish teams felt more optimistic than the global average. 70pc of respondents said they felt assured of their supply chain’s ability to defend against and recover from attacks, while only 33pc globally said the same. However, the EY report noted this “suggests that some may be overconfident” in the Irish cybersecurity sector.
But 60pc said that they felt confident in understanding and anticipating new threats and attack strategies, which Murphy described as “encouraging”.
“The GISS survey highlights a number of gaps between Irish businesses and their international counterparts. These are partly due to budgetary constraints but also stem from a lack of internal communication and a perceived disconnect between cybersecurity and executive teams,” she added.
“Given the global public health emergency, it is understandable that allowances have been made in some cases to facilitate rapid implementation of working from home policies.”
However, Murphy cautioned that as remote and hybrid working become part of normal working life, businesses “need to address the resulting security gaps as a matter of urgency”.
Businesses are reporting increases in the number of attacks they suffer, but the intensity and cost of those attacks may be going up too. A recent Palo Alto Networks report found that, in the first half of 2021, average pay-outs in response to ransomware attacks increased by 82pc.