One in Five Irish Businesses held to ransom online, says Ward Solutions survey
In the last year, almost 20% of Irish businesses were held to ransom by cybercriminals, according to the results of a recent survey commissioned by leading information security company Ward Solutions. The survey was carried out among 170 senior IT professionals and decision makers in Ireland just prior to the recent WannaCry attacks, and highlights the scale of the ransomware issue in Ireland.
IT security threats are continuing to rise according to the survey, with 57% of organisations noting an increase in the number of security incidents in the past year. Of those who said that their business was held to ransom, 64% said that the amount demanded by cybercriminals was less than €1,000.
When it comes to paying ransoms, just 14% say that they would pay the ransom if the value of the data merited it. Almost 48% would not pay, regardless of the value of the data that was held to ransom.
GDPR will place more stringent requirements on companies to alert the authorities and data subjects, and to implement an established incident management plan, in the wake of a data breach. According to the results of Ward’s survey, however, some companies would not currently fulfil these obligations. 75% say that they would report an incident to the authorities, including the Data Commissioner, but just 53% say that they would report a breach to impacted third parties.
“It’s clear from the results of our latest survey that cyber-crime has continued to grow and evolve over the past 12 months, leaving Irish businesses more vulnerable to attack than ever before. Ransomware continues to present a real threat to companies, affecting one in five of those surveyed. It’s interesting to see that just 14% of organisations would pay the ransom, while almost half would not pay, regardless of the value of the affected data.
“It’s reassuring to see some organisations responding to the information threat by investing in their security protection, and employee training and auditing. The ‘human firewall’ is consistently one of your greatest strengths or weaknesses when it comes to protecting your information.
“However, the results indicate that there is still room for improvement when it comes to reporting security incidents to the authorities and affected third parties. This will hamper companies’ ability to achieve GDPR compliance, and so organisations need to ensure that they have the systems in place to quickly and effectively react in the wake of a data breach.”
Pat Larkin, CEO, Ward Solutions
Under GDPR, those unable or unwilling to notify regulators or third parties within 72 hours of becoming aware of a breach could find themselves liable to fines of up to €10 million or 2% of global turnover, whichever is greater. Despite the growing threats and impending legislative changes, 52% of IT decision makers in Ireland say that they do not believe that their board has sufficient understanding of their current information security situation.
Ward’s survey also indicates that Irish companies are becoming more aware of the importance of employee training as part of the overall solution, with almost two thirds (62%) saying that they audit their employees on their awareness of information security best practices.
65% of respondents stated that their cyber security spend will increase in the next 12 months, indicating that companies are responding to the increasing threat level by reinforcing their information security infrastructures.