| 17.6°C Dublin

Only one in five Irish companies haven't suffered data breach in last year


Just one in five Irish companies and organisations now say that they did not suffer a data breach within the last year.

Irish companies are falling victim to data breaches more and more, according to new research from the Irish Computer Society.

The organisation, which released the results of its annual survey into data protection within ordinary Irish companies, has found a rise in data breaches and external hacking attacks.

Over half of Irish companies say that they have suffered a data breach in the last 12 months, with almost one in five Irish companies saying that they were the victim of some kind of malicious external attack.

Just one in five Irish companies and organisations now say that they did not suffer a data breach within the last year.

The survey, which was completed by almost 200 firms, half of which employ over 100 people, reveals that one in three Irish companies has no corporate data breach policy and that almost half of Irish firms' staff are poorly trained for data breaches.

Only two in five Irish firms have any internal sanctions for non-compliance with data protection rules. And most Irish companies have no guidelines on transferring data outside the country, despite a majority engaging in such transfers.

However, the research shows that Irish companies' biggest threat continues to be "negligent employees", with one in five singling out bungling staff as the biggest issue they face in keeping sensitive information secure.

Hackers are the next biggest worry (14pc) while staff losing unsecured phones, laptops or USB keys comes third (12pc). "Insecure third parties", including some commonly used cloud services, are a data security concern for one in ten Irish firms.

But companies have become far less worried about "malicious employees", with just 2pc of respondents saying that such people were a primary threat to compromising their firm's data privacy.

And there is rising satisfaction with the level of training and understanding that staff possess relating to broad IT security policies outside of data breaches. In total, 60pc say that staff are "well" or "very well" trained when it comes to "information security" policies. And despite a third of Irish workforces not being sufficiently familiar with data breach policies, two out of three companies say that they have implemented data breach policies in some or all of their business units.

Furthermore, there is a rising number of people who believe that they would be notified if a data breach occurred that affected their personal information. Over three-quarters (78pc) thought it was "very likely or somewhat likely that this would happen, with just 8pc doubting they would be informed.

The majority of data breaches suffered by Irish companies involve fewer than 100 records, according to the survey.

Irish companies also believe that the carrot is a better tutor than the stick when it comes to better implementation of IT security and data breach policies.

And 61pc say formal training and awareness programs are the best way to improve observance of best practice in the area, with just 2pc saying that more punitive measures for breaches were the answer.

Irish Independent