Average company cost of cybercrime incident is €135,000

<a href='http://cdn3.independent.ie/incoming/article29488864.ece/binary/cybercrime-1000.png' target='_blank'>Click to see a bigger version of this graphic</a>

August 10 2013 04:04 AM

A new survey claims that the average cost of a "cybercrime incident" to Irish companies and large organisations was €135,000.

The survey, commissioned by Deloitte and EMC, also claims that online crime costs Irish companies 2.7pc of annual turnover and that the cost of identifying and dealing with "a large security incident" is €29,954.

The survey, which polled multinational and Irish organisations in financial services, insurance, IT and the public sector, found that two in five Irish-based organisations have had at least one security breach in the past year. One in five said that their organisation had suffered between one and five breaches, while 7pc said that their firm had experienced over 20 security breaches.

Asked about the nature of external threats faced by their organisations, 19pc identified hacking as the biggest problem. Fourteen per cent said that so-called denial of service attacks – where attackers overwhelm a company's website with communication requests – were the main issue. And 12pc said that malware (including viruses) was the biggest problem.

Meanwhile, 30pc of Irish firms regard "evolving technological threats" as the biggest potential source of concern to security. Twenty-four per cent said that employees were the biggest future risk, while 13pc identified lack of funding as potential threat in trying to deal with IT security.

Over half of the survey's respondents rated their activities as "good" or "very effective" when asked about the effectiveness of the information security function within their organisations, 21pc considered their activities to be "average" and "predominantly reactive".

In terms of additional security risks, half of respondents said that their organisation had implemented "specialist technologies" to increase mobile security.

"The results show cybercrime attacks are becoming more common and indeed more costly," said Colm McDonnell, enterprise risk services partner in Deloitte.

"A third of respondents indicated that their organisation has identified preventing cybercrime as a priority, yet just the same number of respondents believe that information security efforts are well aligned with the organisation's overall risk strategy."

In terms of investment in cybercrime prevention, 44pc of respondents indicated that there was limited funding available, while a further 14pc believed there to be insufficient funding. However, 44pc are currently recruiting or plan to take on staff over the next one to two years – an increase of 20pc on the findings of the same survey last year.

"The survey results show that employees remain one of the biggest challenges," said Jason Ward, EMC director for Ireland and Britain. "With the majority of business today conducted online, staff are now the security perimeter and education. Irish businesses need to be better prepared and defend themselves from attack through intelligence-driven information security, collecting reliable cyber-security data and researching prospective cyber adversaries to better understand risk and learn how to protect themselves."

Adrian Weckler