Nearly all of the surveyed companies have either faced cyberattacks or are bracing for one.
More than half of the compliance professionals in Irish financial services companies say their organisations experienced cybercrime in the last five years, and many believe the worst is yet to come.
This is according to a new report by the Compliance Institute, the country’s professional body for compliance professionals. The report stems from a survey of 150 experts across Ireland, most of whom work in financial services.
Of those polled, 51pc said that their organisation fell victim to cybercrime such as phishing, ransomware or fraud attempts in the past five years. However, while 45pc of these incidents had “minimal impact”, 6pc reported “significant consequences” as a result, the survey noted.
47pc of those surveyed say that although their organisation has not yet experienced a cyberattack, they remain “actively concerned” about potential threats to their cybersecurity, while just 2pc said they don’t see cybercrime as a major risk.
Several reports have highlighted the risks that cyberattacks pose to Irish businesses over the years. Last year, Hiscox’s Cyber Readiness Report revealed that 74pc of Irish organisations surveyed suffered an increase in cyberattacks in the past year – although this encompasses more than just financial service providers.
However, despite the ever-increasing risk, only 28pc of companies in the country implemented “robust” cybersecurity measures across their organisations, a 2024 PwC report found.
“Cybercrime is no longer a niche or occasional risk – it’s a persistent, evolving threat that affects almost every organisation in some shape or form,” said Micheal Kavanagh, the CEO of the Compliance Institute.
“The fact that over 97pc of compliance professionals either have experienced or are worried about cyber incidents shows just how central cyber resilience has become to the compliance and risk agenda in Ireland.”
Trained employees are best line of defence
87pc of the surveyed professionals told the Compliance Institute that employee training and awareness was their top line of defence. “The single biggest vulnerability in most cyberattacks is human error,” Kavanagh explained. “That’s why training and awareness continue to be so crucial.”
As well as employee training, investments into cybersecurity technology and improved systems to detect and monitor fraud were seen as crucial. However, only 21pc of the surveyed experts noted using regulatory reporting and compliance efforts as a defence against cybercrime. Kavanagh said that this could suggest a gap between policy and practice which needs to be bridged.
The Compliance Institute survey suggests that Irish organisations are increasingly aware of the cyberthreat landscape, while also showcasing a need to improve their preparedness.
“It’s not enough to invest in technology and hope for the best,” explained Kavanagh.
“Cyber resilience is a continuous process, involving training, monitoring, governance and strong coordination between compliance, IT and senior management. In a world where cybercrime is growing more sophisticated by the day, complacency is the real risk.”
Last October, the EU’s Network & Information Security 2 (NIS2) Directive entered into force, mandating organisations to implement stronger security and train higher level corporate managers on their company’s cybersecurity measure.
In November, the National Cybersecurity Centre launched a €2m fund aimed at SMEs to improve their cybersecurity. Co-funded by the European Union’s Digital Europe Programme, eligible SMEs can receive up to €60,000 to strengthen their IT systems, improve operational security and ensure long-term protection from increasingly sophisticated cyberattacks.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Click Here For The Original Source.
