Almost half (46%) of Irish businesses wouldn’t disclose a data security breach to impacted third parties, including customers and suppliers, a new survey has found.
This is despite 33% of Irish businesses admitting that they have suffered a data breach in the past 12 months.
The survey was commissioned by Ward Solutions and carried out by TechPro, and was carried out in May and June 2016 among 133 senior IT professionals and decision-makers in Irish-based businesses, which were typically larger enterprises.
More than a quarter (26%) of respondents admitted that they have no official crisis management plan to deal with potential data breaches.
A further 32% feel that their board of directors does not understand the potential security threats to their business.
In addition, 42% of IT professionals believe their business growth is being hindered by IT security concerns and precautions.
The survey also found that while 63% of businesses expect to spend more on their IT security in the next 12 months, a considerable number of Irish IT leaders are unsure about the location of their critical data and who is handling it.
Some 18% of respondents admitted that they don’t know where, or by whom, data handled by third parties in the supply chain is held.
In fact, respondents also had their doubts about the trustworthiness or expert knowledge of the people handling their data – including their own staff and also employees on the supply chain - 10% said that they are not at all confident in them.
Pat Larkin, CEO, Ward Solutions, said: “It is crucial for all Irish businesses to know exactly where their data is at all times and who is handling it.
“A lack of that knowledge puts organisations, and their customers, at greater risk of being attacked. It’s a major concern that almost half of Irish companies would not inform their customers, partners or suppliers that their information has been compromised through a data breach.
“There’s a worrying trend that cybercrime is being under-reported in Ireland.
“Customers place their trust in the companies they deal with and it is every business’s obligation to be transparent with those customers and inform them of any risk to their data.”
Also revealed in the survey were the figures demanded by hackers in ransomware incidents. Two-thirds of those who have been held to ransom said the ransom demand they faced was less than €1,000.
This indicates a growing trend amongst cyber criminals to demand smaller fees that are more likely to be paid – especially by smaller enterprises.
However, 58% of companies surveyed said they wouldn’t pay a ransom, no matter what the demand.
“Data breaches and ransomware attacks are continuing to grow at pace in Ireland,” concluded Pat Larkin.
“They often lead to significant brand and financial damage through poor handling of the situation.
“It’s essential that Irish organisations put comprehensive crisis management plans and systems in place to remain protected and ensure survival in the event of an attack.”