Computer crime given low priority
IRISH FIRMS are failing to treat the threat of computer crime as seriously as they should, a new survey has revealed, identifying a lack of funding in information security and insufficient employee awareness of threats.
According to the survey carried out by Deloitte in association with EMC, fewer than half of respondents said such crime was a priority in terms of risk to the organisation.
More than 60 firms took part in the survey, which highlighted a number of areas in which companies are falling down, including investing in security systems.
About 21 per cent said they invested in security to satisfy regulatory bodies.
“That shows a serious weakness in the Irish understanding as to what cybercrime is all about,” said Colm McDonnell of Deloitte.
“If the reason an organisation is doing it is to tick a regulatory box, it means that there is an awful lot of risk that hasn’t been identified.”
Almost a third of those surveyed said they had experienced between one and five security breaches in the past year, with 42 per cent suffering a loss of productivity as a result of criminal attacks.
The average cost of such an incident was just over €40,000 but that does not include the cost of fixing the effects of the incident.
“It’s the thin end of the wedge in terms of the overall costs of these,” McDonnell said, adding that the cost of dealing with such an incident can add a significant sum to the eventual end cost.
The most common security breach was hacking, with 38 per cent saying they had been subject to such an attack.
However, McDonnell warned hacking can be both internal and external, with departing employees taking company information with them.
“If an organisation thinks it hasn’t had a data breach, they’re naive,” he said. “Hacking is very broad.”
Firms are also under siege from physical attacks, malware and privilege misuse, the survey found.
Despite this, only a little under half of respondents said they had adequate funding to counter the threat from computer crime.
Only 57 per cent said the information security programme in place functioned adequately.
Where security breaches were identified, 68 per cent of companies said no action was taken, and only 4 per cent of incidents led to a successful prosecution.