Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
    • Insights

    Ward Solutions’ survey finds that nearly a fifth of…

    Ward Solutions' whitepaper - image
    The results of Ward Solutions’ 2016 Information Security Survey are compiled in the ‘Mapping the Cybersecurity Landscape’ whitepaper, which is available for download here.

    Ward Solutions’ survey finds that organisations consider cloud storage to be the safest way to store data, yet nearly a fifth admit to not knowing where their data is.

    Earlier this month, Ward Solutions revealed the results of its 2016 Data Protection and Compliance survey, which was conducted in association with TechPro magazine. The results were eye-opening, revealing that almost half of Irish businesses would not disclose an incident of data breach to impacted third parties such as customers and suppliers. What’s more, 33% stated that they had suffered a data breach in the past 12 months, a statistic which suggests that almost half of businesses have failed to notify affected third parties of incidents of cybercrime.

    As well as looking at cybercrime, the survey also investigated trends in data storage, asking IT professionals whether they were more or less concerned about data that was being stored in-cloud or in third party premises, or that held on their own premises. More than 60% of respondents stated that they believed cloud storage to be equally safe or safer than on premise storage. This response reflects Ward Solutions’ experience increasing acceptance and adoption of cloud storage among customers as a viable alternative to on premise storage. Due to the increasingly systemic approach to risk assessment and increased due diligence of many organisations when it comes to cloud solutions, cloud services can be at least as secure as on premise, if not more so.

    Cloud storage - image
    More than 60% of respondents said that they consider cloud storage to be as safe or safer than on-premise storage, but nearly a fifth don’t know where their data is located.

    Despite this, many organisations admit to being unaware of where their data is located, with nearly a fifth (18.8%) stating that they were not at all confident or that they did not know where their data was. Ward’s due diligence investigations of data processing supply chains reflect this lack of awareness. Despite assurances regarding data location and handling from organisations at the higher levels in the supply chain, weak application of processes and controls or lack of visibility and understanding of data processing and handling by sub suppliers can lead to data being left vulnerable to attack or theft.

    In order to maintain the security of data in the supply chain it is important to conduct security compliance audits on an ongoing basis. Since third party access to data typically presents a higher risk than own staff access, the verification of the application of processes and controls is important to manage this risk. What’s more, Ward has noted the emergence, particularly in the last 12 months, at enterprise B2B level, of onerous supply chain due diligence and contracting. This suggests that organisations that currently don’t conduct audits of third party access to data will need to change rapidly if they plan on continuing to do business with these enterprise customers.

    Ward’s view is that, in the next 24 months, most organisations planning on doing business at enterprise B2B level will need to display ISO 27001 certification in order to be selected or re-validated as a supplier. As well as this, the recent appointments at GCIO level mean that similar procedures may be implemented at public sector and government level in the not-so-distant future.

    To find out more about Ward Solutions’ 2016 Information Security Survey read our blog on the results. To learn more about Ward Solutions’ ISO 27001 accreditation consultancy offerings visit https://www.ward.ie/ or call +353 1 6420100.

    News

    Survey: Almost half of Irish businesses would hide data…

    Ward Solutions has revealed the results its 2016 Information Security Survey which found almost half (46%) of Irish businesses wouldn’t disclose a data security breach to impacted third parties, including customers and suppliers. This is despite 33% of Irish businesses admitting that they have suffered a data breach in the past 12 months.

    The survey findings also show that organisations lack transparency when it comes to reporting security incidents that concern third parties and are under-prepared to tackle them when they occur. The survey was carried out among 133 senior IT professionals and decision makers in Ireland.

    More than one-quarter (26%) of respondents admitted that they have no official crisis management plan to deal with potential data breaches. A further 33% indicated that their organisation does not have a policy in place to conform to the new Privacy Shield legislation. 32% feel that their board of directors does not understand the potential security threats to their business. In addition, 42% of IT professionals believe their business growth is being hindered by IT security concerns and precautions.

    The survey also found that while 63% of businesses expect to spend more on their IT security in the next 12 months, a considerable number of Irish IT leaders are unsure about the location of their critical data and who is handling it. Almost one-quarter (23%) don’t have policies or controls in place when it comes to third-party access to data. As a result, some 18% of respondents admitted that they don’t know where, or by whom, data handled by third parties in the supply chain is held.

    In fact, respondents also had their doubts about the trustworthiness or expert knowledge of the people handling their data – including their own staff and also employees on the supply chain – 10% said that they are not at all confident in them. Despite this, a worrying 28% said they audit for compliance in data handling policies less than once per year, with 14% admitting they don’t audit data handling at all.

    Pat Larkin, CEO, Ward Solutions, said: “It is crucial for all Irish businesses to know exactly where their data is at all times and who is handling it. A lack of that knowledge puts organisations, and their customers, at greater risk of being attacked. It’s a major concern that almost half of Irish companies would not inform their customers, partners or suppliers that their information has been compromised through a data breach. “There’s a worrying trend that cybercrime is being under-reported in Ireland. Customers place their trust in the companies they deal with and it is every business’s obligation to be transparent with those customers and inform them of any risk to their data. However, we do expect that more robust compliance obligations will drive reporting levels up in the near future.”

    Also revealed in the survey were the figures demanded by hackers in ransomware incidents. Two-thirds of those who have been held to ransom said the ransom demand they faced was less than €1,000. This indicates a growing trend amongst cyber criminals to demand smaller fees that are more likely to be paid – especially by smaller enterprises. However, 58% of companies surveyed said they wouldn’t pay a ransom, no matter what the demand. 

    “Data breaches and ransomware attacks are continuing to grow at pace in Ireland. They often lead to significant brand and financial damage through poor handling of the situation. A data compromise requires a quick, controlled response from the entire business.  It’s essential that Irish organisations put comprehensive crisis management plans and systems in place to remain protected and ensure survival in the event of an attack,” concluded Pat Larkin.

    The complete results of Ward Solutions’ 2016 Information Security Report can be downloaded here.

    Note
    This survey was commissioned by Ward Solutions and carried out by TechPro in May and June 2016 among 133 senior IT professionals and decision-makers in Irish-based businesses, which were typically larger enterprises.