More than half of Irish Companies have suffered a data breach within the past year

According to the results of a National Data Protection Survey – more than half of Irish companies say that they have suffered a data breach in the last 12 months.

The results also show that data breaches, hacking attacks and employee negligence have all risen in the last year in Irish organisations.

External attacks have also increased, with almost one in five Irish companies claiming to have fallen victim to some form of malicious external attack.

Other findings include:

• One in three Irish companies have no corporate data breach policy and almost half are poorly trained for data breaches.
• Only two in five Irish firms have any internal sanctions for non-compliance with data protection rules.
• Most Irish companies have no guidelines on transferring data outside the country, despite a majority engaging in such transfers.

The survey has shown that Irish companies’ biggest threat continues to be “negligent employees”, with one in five singling out inept staff as the biggest issue they face in keeping sensitive data secure.

14% Respondants claimed hackers are the second biggest threat, while 12% said thatstaff losing unsecured phones, laptops or USB keys would be the third biggest threat.

One in ten Irish companies cite “Insecure third parties”, including some commonly used cloud services, as a data security concern.

However, companies seem to have become far less worried about “malicious employees”, with just 2% saying that such people would be a primary threat to compromising their organisations’ secure data.

According to the survey there also appears to be a rising satisfaction with the level of training and understanding that staff possess relating to IT security policies outside of data breaches, with around 60% saying that staff are “well” or “very well” trained when it comes to understanding “information security” policies.

Two out of three companies claimed to have implemented data breach policies in some or all aspects of their business even though one third of employees say they are not adequtely familiar with them.

The survey also shows that there is a rising number of people who believe that they would be notified if a data breach occurred which concerned their personal information. More than 78% thought that it was “very likely or somewhat likely that this would happen, with just 8% doubting they would be informed.

There was some good news with most respondants saying the majority of data breaches suffered by their companies involve fewer than 100 records.

61% of people said that data protection training and awareness programs are the best way to improve the acknowledgment of best practice in the area, with just 2% saying that more disciplinary measures for breaches were the answer.

To ensure your organisation doesn’t fall victim to a data breach, ensure your staff are trained on the subject by registering them to attend our National Data Protection Conference taking place on January 28th and keep an eye on our wide range of Data Protection training and events here.

Visit our solutions and find out how Kefron can help manage and protect your information.

Reference: ICS