Ward Solutions recently revealed the results of its 2017 information security survey, carried out in association with TechPro magazine. Among the findings, Ward revealed that one-fifth of Irish businesses were held to ransom by cybercriminals in the past 12 months. The survey was carried out among 170 senior IT professionals and decision makers throughout Ireland just prior to the recent WannaCry attacks and the results serve to highlight the scale of the current ransomware issue.
Ongoing risk to organisations of all sizes
According to the survey, IT security threats are continuing to rise, with 57% of organisations saying that they noticed an increase in the number of security incidents in the past year. Of those who said that their business was held to ransom, 64% said that the amount demanded by cybercriminals was less than €1,000. The fact that cybercriminals are continuing to demand small amounts of money enables them to target organisations of every size and highlights the risk that ransomware poses to all businesses, from corporations to SMEs.
When it comes to paying ransoms, just 14% of survey respondents said that they would pay the ransom if the value of the data merited it. However, nearly half (48%) said that they would not pay, regardless of the value of the data that was held to ransom.
Stricter requirements under GDPR
The results of Ward’s survey also reveal a host of findings about Irish organisations’ preparedness for the incoming General Data Protection Regulation (GDPR). GDPR will place stricter requirements on companies to alert both the authorities and data subjects in the wake of a data breach. When GDPR comes into force on May 25th next year, businesses will also be obliged to implement an established incident management plan following a data compromise.
However, despite these requirements being less than a year away, the results of Ward’s survey indicate that some companies do not currently fulfil these obligations. While 75% say that they would report an incident to the authorities, including the Data Commissioner, just 53% say that they would report a breach to impacted third parties. Failure to achieve compliance with the regulation and adhere to the guidelines outlined in the new law could leave companies vulnerable to huge fines.
Under GDPR, those unable or unwilling to notify regulators or third parties within 72 hours of becoming aware of a breach could find themselves liable to fines of up to €10 million or 2% of global turnover, whichever is greater. These fines could have a catastrophic effect on certain Irish organisations, and to protect their interests companies need to ensure that they are aware of the intricacies of the legislation.
Employee training part of the solution
Despite the growing threats and impending legislative changes, 52% of IT decision makers in Ireland and Northern Ireland say that they do not believe that their board has sufficient understanding of their current information security situation.
Companies are becoming more aware of the importance of employee training as part of the overall solution though, with almost two thirds (62%) saying that they audit their employees on their awareness of information security best practices.
65% of respondents stated that their cyber security spend will increase in the next 12 months, indicating that companies are responding to the increasing threat level by reinforcing their information security infrastructures.
Reassuring but still room for improvement
Commenting on the survey results, Pat Larkin, CEO of Ward Solutions, said: “It’s clear from the results of our latest survey that cyber-crime has continued to grow and evolve over the past 12 months, leaving Irish and Northern Irish businesses more vulnerable to attack than ever before. Ransomware continues to present a real threat to companies, affecting one in five of those surveyed. It’s interesting to see that just 14% of organisations would pay the ransom, while almost half would not pay, regardless of the value of the affected data.
“It’s reassuring to see some organisations responding to the information threat by investing in their security protection, and employee training and auditing. The ‘human firewall’ is consistently one of your greatest strengths or weaknesses when it comes to protecting your information.
“However, the results indicate that there is still room for improvement when it comes to reporting security incidents to the authorities and affected third parties. This will hamper companies’ ability to achieve GDPR compliance, and so organisations need to ensure that they have the systems in place to quickly and effectively react in the wake of a data breach.”
To learn more about how Ward Solutions can help to protect your business against the growing cybercrime threat, contact us today. Call 1800 903 552 or e-mail firstname.lastname@example.org