Irish firms neglect cyber security legal requirements
Cyber risk study conducted by Red C for A&L Goodbody find most firms not fulfilling basic requirements
John Whelan: “As cyber risk becomes more sophisticated, and more prevalent, businesses are exposed to increasing risk to their reputation and their bottom line.”
The study, conducted by Red C for A&L Goodbody, found a significant majority of companies are not fulfilling basic legal requirements when it comes to cyber security.
Some 65 per cent of survey respondents had no written cyber security policies in place, and 59 per cent had provided no training to employees on what to do in the event of a cyber attack.
Half of companies surveyed said their data is stored by a third party off-site, and within this group, 44 per cent said they didn’t know their supplier’s cyber security attack policy.
Less than a third (27 per cent) of companies surveyed said they were fully prepared to deal with an attack and, when prompted, 63 per cent cited a lack of awareness of their company’s legal obligations as their biggest challenge.
John Whelan, head of A&L Goodbody’s international technology practice, said boards and senior management must have policies in place to protect their business should a cyber incident occur. “As cyber risk becomes more sophisticated, and more prevalent, businesses are exposed to increasing risk to their reputation and their bottom line,” he said.
He said companies are getting technically ready for cyber attacks, but not legally ready.
“There is no stigma about being the subject of a cyber attack. It’s all how you respond to it. The companies that come out the best, have handled it the best.”
Meanwhile, the Central Bank of Ireland is said to be reviewing the cyber security policies and procedures of asset managers, amid fears the investment industry has been slow to tackle the threat of cyber crime. Teams from the bank have begun to carry out on-site inspections at a number of fund managers, investment firms and stockbrokers.