Cyber-crime: the greatest global threat to
business today

  • Share
  • 65% of Irish respondents cite an increase in external security threats
  • 24% of Irish companies expected to increase security budget over next 12 months
  • 65% cite insufficient budgets as their number one challenge

Monday 10 December 2013: With information security functions not fully meeting the needs in 83% of organisations, 93% of companies globally are maintaining or increasing their investment in cyber-security to combat the ever growing threat of attack, according to a recent survey released by EY.    

Under cyber-attack – The 16th EY annual Global Information Security Survey 2013, tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives across 64 countries. The respondents included a number of Irish organisations across major industry sectors such as financial services, utilities and technology.

Ivan O’Brien, Director at EY Advisory Services commented: "The ever-increasing reliance of business on IT, rising complexity in supply chains, rapid changes in technology and an aggressive cyber threat environment mean that this issue is going to get worse before it gets better. It is no longer a question of if, but when, a company will be the target of cyber-attacks”.

Austerity measures brought on by the global economic crisis has increased the risk of security breaches which benefit cyber criminals, such as those involving bank accounts or payment card data.  Despite half of the respondents planning to increase their budget by 5% or more in the next 12 months, 65% cite insufficient budgets as their number one challenge in order to operate at the level business expects. This challenge exists against a backdrop where 65% of Irish organisations cite an increase in external security threats and 35% of Irish organisation cite an increase in internal vulnerabilities in the past year.

Hugh Callaghan, Director, EY EMEIA Financial Services Advisory commented: “Ireland is rightly making a big economic play in the high tech and software sectors, but in order for this to be sustainable it has to be built on solid foundations of strong cyber-security”.

While most global organisation still have Information Security reporting to IT (Globally 62% v 59% in Ireland) almost half (46%) of global respondents have information security reporting to the CIO, whereas in Ireland this figure was approximately half that at 24%. Callaghan commented: “This reinforces the idea that security is a technology issue rather than a business problem. Reporting within the CIO or risk domain would arguably help bring security closer to the business and make it more directly involved in supporting the business strategy”.

When it comes to Cyber-security, Ireland’s top three inhibitors are; budget constraints, governance issues and lack of executive awareness and support. “This could indicate that despite frequent reporting to senior management, that information security functions still aren't receiving the support they need to be effective”, said Hugh Callaghan.

This year’s global results show that companies continue to invest heavily to protect themselves against cyber-attacks, particularly in terms of intelligence-led initiatives, security monitoring and business user awareness. However, the number of security breaches is also on the rise. Thirty-one percent of global respondents report the number of security incidents within their organisation has increased by at least 5% over the last 12 months. Many have realized the extent and depth of the threat posed to them; resulting in information security now being ‘owned’ at the highest level within 70% of the organisations surveyed.

Callaghan commented: “There is no room for complacency as Irish organisations are clearly not making the same level of investment in information and cyber-security as global peers with just 24% of Irish companies expected to increase security budget by 5% or more over the next 12 months compared to 49% globally. “This presents a risk of falling behind in terms of organisations' ability to protect themselves from harm and also for Ireland Inc. to be regarded as a safe place to do business”.

Cybercrime is the greatest threat for organisations’ survival today. While budget allocations toward security innovation are inching their way up, enabling organisations to channel more resources toward innovating solutions that can protect them against the great unknown – the future – many information security professionals continue to feel that their budgets are insufficient to address mounting cyber risks.

Key findings at a glance comparing global responses with those from Ireland:

Global survey results

Irish respondents

  • Business continuity, cyber threats and data leakage are the top priorities for the coming 12 months
  • Business continuity and data leakage match the top two priorities, but cyber threats only feature towards the bottom of the top 10
  • 17% of organisations said that their information security function fully meets their needs
  • Almost identical in that information security function fully meets needs in only 18% of organisations
  • 49% of companies expect to increase security budget by over 5% over the next 12 months
  • Just 24% of companies expect to increase security budget by 5% or more over the next 12 months
  • 34% of organisations will spend more on managing cyber threats and cyber risks
  • Only 18% of organisations will spend more on managing cyber threats and cyber risks
  • 48% of information security functions present to the board or top governing function on a monthly or quarterly basis
  • 65% of information security functions present on a monthly or quarterly basis
  • 46% of information security functions report to the CIO rather than the IT function
  • 24% of information security functions report to the CIO, with 59% reporting within the IT or 'other' functions