- 90% of Irish businesses have seen a rise in cyber attacks in the last 12 months
- 44% of cyber teams say they are lacking the budget to sufficiently manage their cyber-related challenges
- 52% say they are more exposed to a major breach than they should be and require additional investment in their cyber defences
Dublin, 26 August 2021: More than half of Irish cyber security teams (52%) fear they are exposed to a major breach which could be avoided if their businesses invested more in their cyber defences, according to the EY Ireland Global Information Security Survey 2021.
Cyberattacks are increasing in frequency and impact with 90% of Irish businesses saying they have seen a rise in disruptive attacks in the last 12 months compared to 72% globally.
Irish respondents feel more exposed than their global peers due to a shortfall in funding. Globally, 36% of respondents say they are more exposed to a major breach than they would be if their businesses had committed sufficient resources to their cybersecurity defences. In Ireland, the figure was 52%, with 44% stating that their budgets were too low to handle the new challenges which have emerged over the last 12 months.
Carol Murphy, EY Ireland Consulting Partner and Head of Technology Risk, commented:
“Cyber attacks are becoming more frequent, more damaging, longer lasting and harder to anticipate. Irish businesses overall express confidence in their ability to manage evolving threats. The majority (60%) say they are confident in understanding and anticipating new strategies used by bad actors, which is encouraging.
“Where improvement can be made is by creating heightened awareness of these threats at board and executive level. There is a tendency for cyber security to get lost on the priority list and this can leave the entire business exposed. With the regulatory burden rapidly increasing, however, boards are beginning to wake up to the threat posed and to the level of resourcing required, and not before time”.
Barriers to Communication
Only 30% of Irish respondents feel that their executive management fully understands the value and needs of the cyber security teams compared to 42% globally.
The survey suggests relationships between the cyber teams and senior leadership within their organisations are underdeveloped. More than two-thirds (68%) of respondents say that their teams are sometimes consulted too late or even not at all when their organisations make strategic decisions.
Carol Murphy concluded:
“The GISS survey highlights a number of gaps between Irish businesses and their international counterparts. These are partly due to budgetary constraints but also stem from a lack of internal communication and a perceived disconnect between cyber security and executive teams.
“Given the global public health emergency, it is understandable that allowances have been made in some cases to facilitate rapid implementation of working from home policies. As remote and hybrid working become part of normal working life, however, businesses need to address the resulting security gaps as a matter of urgency.”
Notes to Editors
About the survey
The EY Global Information Security Survey (GISS) 2021 is based on a total global sample of 1,430 senior cybersecurity executives, 50 of which were headquartered in Ireland.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.