Only a quarter of Irish firms confident about cybersecurity

Survey also reveals worrying level of complacency among Irish organisations

Companies that feel the worst could never happen to them are being ‘naive’. Photograph: iStock

Companies that feel the worst could never happen to them are being ‘naive’. Photograph: iStock

 

Three in four Irish organisations are worried about cyber threats, a new survey from Microsoft has revealed, with only one in four saying they are confident they can respond effectively to a security threat.

But despite the concerns around security, the survey reveals a level of complacency among Irish organisations.

“It reinforces what we found last time – that organisations are significantly exposed to the risk of a cyber attack, and in living up to their GDPR commitments,” said Des Ryan, solutions director of Microsoft Ireland.

Some 70 per cent of big organisations had experienced some sort of attack, such as phishing, hacking or cyber-fraud.

Despite experiencing a cyber attack on their organisation, more than a third of large firms that had been hit still allowed staff full access from their personal and mobile devices, and among organisations employing more than 500 people, 22 per cent said they did not put restrictions in place for employees working from home.

Companies that felt the worst could never happen to them were being “naive”, Mr Ryan said, warning the risk to companies was very real. “In the cyber world, geography is no longer relevant,” he said. “Everyone is a target; everyone has some in their environment and everyone has a price they are willing to pay to get it back.”

Seven in 10 organisations did not allow employees to access the work network from a personal or mobile device. But tech-savvy employees were finding ways around the blocks, with a previous survey in 2019 showing that almost half of employees were bypassing their organisation’s cybersecurity measures by using their own email.

Company training

Part of the blame lies with company training and measures.

“It’s not just about end users, although end user behaviour leaves a lot to be desired,” said Mr Ryan. “Enterprises need to raise awareness and educate their people. End user behaviour is often driven by the systems that are in place.

“A gap exists between organisations’ view of how secure they feel they are, versus the reality where their organisational security habits are leaving them open to data loss or hacking. Iterative security policies and poorly implemented planning have spawned some bad employer habits.”

The Microsoft survey found just under half of IT decision-makers had no security concerns moving their data or systems to the cloud. But a separate survey by IT solutions company Logicalis Ireland found that almost a quarter of companies were concerned about losing data to the dark web when it came to cloud security. Data breaches topped the list of concerns, at 70 per cent, human error at 60 per cent, and permanent data loss in third at 44 per cent.

A separate study from global interconnection and data centre company Equinix found 38 per cent of Irish IT decision-makers believed more data breaches would occur as remote working solutions became more widespread. Equinix, which has also announced a joint cloud offering with Irish telecommunications company AirSpeed Telecom, said its research showed 31 per cent of businesses in Ireland experienced latency issues that prevented them from fully supporting employee remote working. Its collaboration with Airspeed, AirSpeed Cloud Connectivity, intended to address some of these issues.