Irish firms ‘woefully unprepared’ for new EU data protection law
Over half of organisations admit they would be unlikely to detect a sophisticated attack
Hugh Callaghan, cyber security leader of EY Ireland: “Irish businesses are still playing catch-up with cyber criminals.”
Irish companies are “woefully unprepared” for a major new EU-wide data protection law, which comes into effect next year, a leading IT expert has warned.
Speaking ahead of the announcement of a new cyber security conference to be held in Dublin in early March, Ronan Murphy, chief executive of the IT services firm Smarttech and chairman of IT@Cork, said the Government must do more to help organisations become aware of the legislation.
The General Data Protection Regulation (GDPR), which comes into force in May 2018, is the biggest data protection legislation to be passed in the history of the European Union.
The regulation governs the privacy practices of any company handling EU citizens’ data, whether or not that company is located in the EU. It also requires that public authorities and certain companies processing personal data on a “large scale” must have an independent data protection officer.
“It’s mind-blowing quite how unprepared Ireland is for GDPR, which has tremendous implications for companies of all sizes,” said Mr Murphy.
He was speaking at the announcement of the Zero Day Conference, to take place in the Convention Centre Dublin on March 7th. The meeting will provide C-suite leaders and senior IT executives with insights into the cyber threats facing their sectors.
Among the keynote speakers will be Kurt Pipal, the FBI’s assistant legal attache who represents the agency in London on cyber matters.
Mr Murphy’s comments come as a new survey shows cyber security attacks against Irish businesses have jumped by 29 per cent in the past two years. According to the EY survey of 1,735 business executives and IT professionals, three-fourths of firms have come under siege.
Despite this, some 55 per cent of business leaders say their organisations would be unlikely to detect a sophisticated attack.
The survey shows Irish businesses are more likely to be the victim of an attempted cyber security incident than many of their counterparts in other countries.
Irish companies are also considerably less prepared to deal with cyber attacks: 15 per cent of firms say they currently have no breach detection capability in place. A further 42 per cent said they did not have a communications responses strategy for incidents involving compromised data.
More than two-thirds of respondents, both in Ireland and globally, said that up to 50 per cent more budget was needed to mitigate against growing cyber threats. Some 65 per cent of Irish executives said their information security budget had risen over the past 12 months.
The research also found that the adoption of cyber insurance is maturing more rapidly in Ireland than elsewhere, with nearly two in five respondents already having a policy that meets their needs. This is 50 per cent more than the global average. A further fifth of Irish companies said they were actively looking for appropriate cover.
In related news, a new global study by Indeed shows Ireland has the second highest demand for cyber security professionals in the world, behind Israel.
Indeed said the demand was due to the fact that Ireland is a booming tech and business hub and that more than 1,200 multinationals, including Google, Facebook, Microsoft and Dell, have significant operations in the country.