Irish businesses and public sector agencies spent on average €240,000 in the past year to tackle cybercrime and security breaches, a survey of senior IT professionals has found. The total covers the cost of protecting data, responding to incidents, and repairing damages caused by hacking, identity theft, malware and other forms of cybercrime. The survey found 45.9 per cent of IT leaders said they spend more time dealing with information security issues than before.
Almost one in two respondents said they suffered an attempted spear phishing attack which targets specific individuals who often have authority to make funds transfers. The messages include a personalised cue to make them appear genuine and increase the chances the recipient will mistakenly give money to a third-party bank account or download malicious software. The survey reports 15 IT professionals, nearly 8 per cent of the total, said the attack was successful and 34.6 per cent didn’t know.
Close to three quarters of IT professionals rated reputational and brand harm as the biggest security risk to their organisation, followed by loss of confidential or proprietary data, and disruption to critical operations. Just under half (48.4 per cent) said they prioritise security spending based on the greatest risk to the business but 26.4 per cent said they don’t.
The survey of 263 senior IT professionals working in large enterprises, small businesses and public sector agencies in Ireland was carried out by TechPro magazine on behalf of Ward Solutions, an IT security company.
The €240,000 figure was calculated by asking respondents to give the total financial cost of cybercrime and dividing by the number of replies. For 12.3 per cent of organisations, it was between €10,000 and €50,000, and 6.9 per cent spent between €50,000 and €100,000. Some 20 organisations, or 7.7 per cent of the total, spent between €100,000 and €500,000 per year on dealing with cybercrime and protecting their data.
It reports that 31.5 per cent said they spent nothing on security in the past year. "They're the ones that really struggle in the event of a breach because they have no preparation, and no security maturity in terms of their operations," said Pat Larkin, CEO of Ward Solutions.
Professor Joe Carthy, director of the Centre for Cybersecurity & Cybercrime Investigation at UCD, described some of the survey results as "worrying". Referring to the finding that only 24.9 per cent of respondents are very confident of being able to retrieve work or personal information after a security issue, he said: "It appears that many respondents are not investing enough in contingency measures to make sure they can get at their electronic records in the event of an incident."
He added: “I think that it’s the culture that needs most looking at. People have to be educated to realise that this is serious and that a business, small or large, can fold if it does not look after its cyber assets.”