Four in 10 companies have no formal cyber security strategy despite the overwhelming majority of directors identifying it as an important issue for their business.
This apparent apathy within Irish boardrooms is even more pronounced in smaller companies of 100 staff or less — 68% of which have no strategy in place.
A survey conducted by the Institute of Directors in Ireland found that boards are increasingly identifying the threat posed by cyber attacks as among the most serious but that more remains to be done to protect their businesses.
“Managing cyber risk is a concern for the entire organisation and should be led from the top,” said Maura Quinn, chief executive of the Institute of Directors in Ireland.
“With an increasing number of issues coming under the board’s remit, directors need to keep up-to-date in their understanding of the risks facing their organisation including readiness to deal with a cyber breach.
“While it is encouraging that cybersecurity is an increasing priority at board level, it is concerning that 40% of organisations do not have a formal cybersecurity strategy in place and the vast majority (68%) of those without a strategy are small to medium companies with less than 100 employees,” she said,
More than 90% of directors rate their firm’s cybersecurity as “very or quite important” while 85% claim to have a high or medium understanding of the cyber security risks.
The research carried out across 300 members of the institute in conjunction with Irish business law firm Mason, Hayes and Curran claim to have experienced a cyber breach in the past two years.
Computer viruses were to blame in the majority of incidences, followed by the loss or theft of mobile devices and hacked email accounts.
A quarter of affected firms fell foul of data protection breaches such as the inadvertent disclosure of data while almost a fifth had their websites hacked.
“In simple terms, cyber liability is a business’s liability for any data breach in which data, such as customers’ data, is stolen or compromised.
“The consequences of such a breach can be both reputational and financial, so it has never been more important for companies to have robust strategies in place to both prevent and, if necessary, respond quickly to a data breach,” said Mason Hayes and Curran partner Paul Egan.
© Irish Examiner Ltd. All rights reserved