The survey, carried out by Deloitte, in association with EMC, also found the cost of each major incident was €41,875 on average and that 42% of respondents suffered a loss of productivity as a result of cybercrime attacks.
However, just over half of respondents indicated that their organisation did not experience any security breaches in the past year.
Survey results show that hacking was the most common method used to breach security in organisations, as identified by 38% of respondents.
Other common causes of attacks included privilege misuse, physical attacks, and malware. Half of all respondents identified employees and their activities as the biggest challenge in information security.
Enterprise Risk Services partner, Deloitte, Colm McDonnell said: “Interestingly, just 45% of respondents indicated that cybercrime was a priority in terms of risk to the organisation.
“Given that the survey results show that the average cost of a large cybercrime incident for a business is €41,875 and the business outage that this can cause, we believe more organisations should be giving this a higher priority status.
“Irish organisations have never faced such a myriad of advanced technological threats and attacks on their digital and critical assets. Irish organisations need to ensure that their efforts in this area are aligned sufficiently with other business efforts and risk management practices.”
Ireland country manager for cloud and big data multinational EMC, Jason Ward, which owns global IT security company RSA, said: “The survey results show that today’s IT organisations are in a constant state of compromise from new threats that are persistent, dynamic, and intelligent — and Irish businesses and public sector organisations must be better prepared to protect themselves from attacks that can cost money, time, information and productivity gains.”
The survey found main motivations for investment in information security efforts in Irish organisations are compliance and reporting, as identified by 45% of respondents, followed by the ability to demonstrate the effectiveness of the security programme (30%).
The top security initiatives identified were information security training and awareness (23%), data protection (21%), regulatory and legislative compliance (21%), and cyberthreat programmes (14%).