Almost six in ten Irish businesses (57%) do not regularly update their software, while more than half (51%) fail to run regular automated data backups, indicating a worrying lack of protection against cyber criminals. Furthermore, just four in ten (39%) Irish organisations report having provided cybersecurity training to their staff, one of the most effective methods of preventing cyber incidents.
These findings come from new research conducted by insurance broker and risk management firm Gallagher in Ireland. The company commissioned a survey of 300 business decision-makers across the UK and Ireland, 100 of whom are based in Ireland, to assess what critical cybersecurity tools organisations are using to protect themselves.
Experts at Gallagher warn that, despite these basic gaps in protection, nine in ten (92%) Irish businesses believe they are adequately protected against cyber-attacks highlighting a disconnect between perception and reality.
Commenting on the survey findings, Laura Vickers, Managing Director of Commercial Lines at Gallagher in Ireland said:
“Our research suggests that there is a mismatch between how well protected businesses in Ireland believe they are against cyber attacks – and the steps they have taken to manage such threats. Regularly updating software is a very basic step but it is crucial for cybersecurity, as updates often include security patches that address vulnerabilities and this in turn could potentially prevent cyber attacks and data breaches. Yet our survey shows that only 43% of Irish businesses do this.
“Automatic data backup is another crucial cybersecurity measure, as it helps protect against data loss from various incidents – such as ransomware attacks, hardware failures, and accidental deletions. Automated backups are considered more reliable and less error-prone than manual backups. Yet only half of Irish businesses run regular automated data back-ups.”
When asked what steps Irish organisations take to protect themselves against cyberattacks, Gallagher found:
- 49% conduct regular automated data back-ups
- 48% use multi-factor authentication for all applications utilising remote access
- 43% conduct regular updates of software
- 41% run system vulnerability scans
- 39% provide training for all staff on cybersecurity
- 38% use multi-factor authentication for employee email accounts
- 36% undergo regular data back-ups
Ms Vickers added:
“Cybercrime is no longer a niche or occasional risk – it’s a persistent, evolving threat that affects almost every organisation in some shape or form. Training and awareness are crucial when it comes to protecting an organisation against cybercrime – such training will not only equip staff with the skills they need to spot a potential cyberattack, it will also help them protect their business against such an attack. Yet less than four in ten of the businesses in our survey have trained staff in cybersecurity, which is a big oversight.”
Other headline findings from the Gallagher research reveal that:
- Almost two-thirds (64%) of Irish businesses believe they are “very protected” against a cyber-attack, with a further 28% saying they are “quite protected”.
- At 92%, the number of Irish businesses that feel adequately protected against cyber attacks is slightly higher than in the UK, where 89% of firms indicated this to be the case.
- When it comes to the measures taken by firms to improve cybersecurity, UK businesses are more inclined than their Irish counterparts to run regular software updates (71% of UK businesses did so versus 43% of Irish firms) and to train all staff on cybersecurity (57% versus 39%).
- While numbers were still high, the businesses that feel least protected against cyberattacks are those in the professional services (75% of business decision makers said they feel safeguarded against such threats), healthcare (83%), IT/computing (83%) and financial services (89%) sectors.
- The businesses that feel most protected against cyber-attacks are those in agriculture, business services, construction, hospitality and leisure, legal services, marketing/PR, manufacturing, retail andutilities, with 100% of business decision makers in these sectors saying they feel sheltered against such threats.
- Most (94%) Irish businesses have a dedicated cyber insurance policy[3]. This compares to 79% of UK businesses.
Geographic differences
Other highlights of the survey include;
- Munster-based businesses were the most likely to feel protected against cyber-attacks, with 100% of those surveyed indicating this to be the case. Ulster-based businesses were the second most likely to feel protected (94%) followed by Dublin-based firms (92%) and those in Leinster (90%) and Connacht (89%)
- Munster-based businesses were the most likely to train their staff on cybersecurity, with 60% saying they had done so. Almost half (47%) of Dublin businesses had done so. The least likely businesses to have trained their staff in cybersecurity were those based in Connacht (22%), Leinster (24%) and Ulster (38%).
- When it comes to regular automated data back-ups, Connacht businesses (78%) were the most likely to have taken this cybersecurity measure, followed by those in Dublin (51%), Ulster (50%), Leinster (38%)and Munster (20%).
- At 60%, Munster businesses were the most likely to update their software regularly, followed by businesses in Dublin (53%), Leinster (33%), Ulster (31%), and Connacht (22%).
Ms Vickers added:
“Research published by Gallagher earlier this summer found that four in ten (40%) Irish businesses have suffered at least one cyber-attack in the last five years, and of those businesses, 88% suffered a financial loss and commercial disruption. It is important that Irish businesses are not complacent about the threats out there and that they don’t overestimate their cyber resilience or underestimate the potential impact of a cyber-attack.”
See more stories here.