Just 10 per cent of Irish companies believe their information security measures meet the needs of their organisation, with one third of companies reporting a higher number of security incidents in the last year, according to a new survey published today.
Consultancy firm Ernst & Young’s latest Global Information Security Survey, which surveys more than 1,850 executives across 64 countries annually, found 85 per cent of Irish companies reported an increase in risks arising from external attacks, with a third reporting that internal vulnerabilities are also on the rise.
The survey revealed Irish companies are behind their international counterparts when it comes to having an overall security framework in place.
Some 76 per cent of Irish respondents to the survey indicated they had no overall security architecture framework in place. This compares to 63 per cent of global respondents.
Ireland is also out of step with international trends when it comes to spending to information security. The proportion of organisations planning to reduce their security spend over the next year amounted to just 5 per cent globally compared to 24 per cent in Ireland.
Cloud computing continues to be one of the main drivers of business model innovation, with the numbers of organisations using the cloud almost doubling in the last two years. That said, 38 per cent of global and 37 per cent of Irish organisations have not taken any additional measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.
However, advances have been made by Irish companies when it comes to adopting mobile security techniques and software. Some 76 per cent of Irish organisations have mobile encryption and mobile device management software in place. This is in sharp contrast to global organisations, where only 40 per cent are using some form of encryption technique on mobile devices.
Organisations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies, according to Hugh Callaghan, Ernst & Young IT risk and assurance services director.
“Organisations are making gradual improvements to their information security capabilities. However, reliance on short-term solutions exposes organisation to a higher risk of widening gaps in their security controls, leading to breaches as well as increased operational overhead,” he added.