Lack of funding in cyber defences puts Irish businesses at risk, survey finds

Companies face increased risk from cyberattacks in past 12 months

The survey found 90 per cent of companies had seen a rise in cyberattacks in the past 12 months. Photograph: iStock
The survey found 90 per cent of companies had seen a rise in cyberattacks in the past 12 months. Photograph: iStock

Irish businesses are facing an increasing risk from cyberattacks, but more than half fear exposure to a major breach due to a lack of funding in their defences, a new survey has found.

The EY Ireland Global Information Security Survey 2021 said 90 per cent of companies had seen a rise in cyberattacks in the past 12 months, compared to 72 per cent globally.

Despite that rise, 44 per cent of teams say they are lacking the budget to sufficiently manage the new challenges that were presented in the past year, and 52 per cent say they are more exposed to a major breach than they should be due to a shortfall in investment in their defences, compared to 36 per cent globally.

"Cyberattacks are becoming more frequent, more damaging, longer lasting and harder to anticipate. Irish businesses overall express confidence in their ability to manage evolving threats. The majority (60 per cent) say they are confident in understanding and anticipating new strategies used by bad actors, which is encouraging," said Carol Murphy, EY Ireland Consulting Partner and Head of Technology Risk.

READ SOME MORE

Less than a third of respondents in Ireland said their executive management understands the value and needs of their cyber security teams, falling behind the 42 per cent of respondents globally.

“The GISS survey highlights a number of gaps between Irish businesses and their international counterparts. These are partly due to budgetary constraints but also stem from a lack of internal communication and a perceived disconnect between cyber security and executive teams,” said Ms Murphy.

“Given the global public health emergency, it is understandable that allowances have been made in some cases to facilitate rapid implementation of working from home policies. As remote and hybrid working become part of normal working life, however, businesses need to address the resulting security gaps as a matter of urgency.”

There was also a significant disconnect between cyber teams and senior leadership within their organisations, with 68 per cent saying their teams are sometimes consulted too late or left out of the loop altogether when strategic decisions are being made.

“Where improvement can be made is by creating heightened awareness of these threats at board and executive level. There is a tendency for cyber security to get lost on the priority list and this can leave the entire business exposed,” Ms Murphy said. “With the regulatory burden rapidly increasing, however, boards are beginning to wake up to the threat posed and to the level of resourcing required, and not before time.”

The EY Global Information Security Survey 2021 is based on a global sample of 1,430 senior cybersecurity executives; 50 were headquartered in Ireland.

A separate study from digital infrastructure company Equinix found 79 per cent of decision-makers in Ireland feel that cybersecurity is critical to their organisation’s success.

Some 37 per cent of respondents said data leaks and cyberattacks, as a result of more distributed user devices, were a top threat, with 40 per cent saying changing regulatory requirements around data privacy posed a threat.

Almost 40 per cent of Irish respondents said they feared data leaks and cyberattacks due to increased cloud adoption, lower than the 48 per cent of worldwide respondents.

The majority of Irish companies said improving their organisations’ cybersecurity was a top priority, in keeping with the global level at 81 per cent.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist