Deloitte, in association with EMC, brings you the first annual Irish Information Security and Cybercrime Survey. This survey was conducted in May 2012 and respondents included Irish information security leaders of multinationals, Irish organizations and subsidiaries. These organizations operate across a range of industries including financial services, the public sector, manufacturing, IT, semi-state and insurance.
Key findings:
• €41,875 is the average cost per organisation for a security incident over the past year.
• 60% of organizations indicated they are only partially equipped to deal with cybercrime, and have no specialist systems in place to detect instances of cybercrime taking place.
• 68% of respondents stated that no action was taken following an investigation of internal or external incidents.
• 70% of respondents noted that they believe their information security posture is on par with their peers.
• 44% of respondents stated that they believe board members have an average understanding of information security risks.
• 50% of respondents stated that they have no plans to take on additional information security personnel in the next one to two years despite increasing levels of cybercrime and security breaches.
• 50% of respondents believe that employees and their activities presented the biggest challenges in information security. However merely 46% of organizations had
obtained signed acceptance from users for all relevant policies and standards.
• 31% of organizations are supporting both corporate devices and employee purchased devices (bring your own device).
• 32% of respondents had experienced between one and five breaches in the last year, with 42% of respondents stating that they had experience
This survey demonstrates how organizations need to act quickly and effectively in order to control and prevent cybercrime and information security threats.
Information security and cybercrime activities are often not aligned sufficiently with other business efforts and risk management practices. Despite a significant increase in cybercrime activity, additional resourcing and security personnel were not a priority for many of the organizations surveyed. With the average security incident costing organizations €41,875, this is an unavoidable issue.
Half of the organizations surveyed believed that employees’ actions and activities presented the biggest challenges to information security. These are issues which organizations need to address and should be a priority for all CISOs and information security managers.