Irish companies were today warned of the increasing risk of cyber security to their businesses at a conference held by Aon Risk Solutions, at The Convention Centre in Dublin.
Research conducted by Aon Risk Solutions, published at the event, highlights severe vulnerabilities amongst companies operating in Ireland. Data based on inputs from over 1200 companies into the Aon Cyber Diagnostic Tool revealed a lack of awareness about potential exposures and a lack of focus on putting in place structures to manage and mitigate that risk. The survey reveals that 92% of Irish companies are exposed to cyber risk – a figure that is higher than the global average which stands at 86%.
Addressing the conference Sarah Stephens, Head of Cyber Risk & Commercial E&O – EMEA, Aon Risk Solutions said: “The digital interconnectivity of business operations, suppliers and customers in today’s world has resulted in organisations being increasingly exposed to cyber-attacks. As the technology sector evolves and companies become more reliant on cloud computing, big data and social media the cyber risk threat continues to grow. While technical innovation is a great thing that can benefit everyone it can also be damaging if a company’s policies and procedures do not change to keep pace with the potential exposure that the use of new technology can bring to a company or an individual.”
“It’s our experience that the issue of cyber security needs to be addressed at boardroom level. The research from our cyber diagnostic tool shows that only 22% of people at management level in Irish companies are actively engaged on the topic. Aon’s goal is to help clients to use risk understanding to make better business decisions and ultimately support them in growing a safer working and commercial environment.”
“The diversity of threats is increasing – from the loss of control of data through the use of outsourcing to the growing proficiency of hackers and malicious individuals to the constant risk of human error in an organisation a hit can come from one of many different places. One area where we consistently find a weakness is that companies are allowing individuals to send sensitive data to their personal devices. They are doing this without investing in the right kind of training and leave both themselves and the employee exposed. Saving a few hundred euro on training will cost in the long run if an employee treats company data incorrectly.”
“The impact of an attack can be massive. We saw this with the Target retailer in the US earlier this year. According to public information, the credit card fraud suffered by the company resulted in the largest paid cyber insurance claim in history, and had a massive global impact. While this can compensate to a certain level for the commercial and reputational losses suffered it would clearly have been better if the company had been better protected from the outset and not exposed to the attack.”
The audience also heard about the upcoming EU Data Protection Directive which is to be enacted by 2017 and extends the scope of the EU data protection law to all companies processing data of EU residents.
Sarah Stephens added: “The new Directive will require new procedures from companies in the area of data protection. With the Directive less than three years away from being enacted steps need to be taken now to put the groundwork in and to ensure they are in a position to fully comply in time. Aon is currently working with large companies and organisations across Europe to help them prepare for the significant changes that are on the way.”
The Aon cyber diagnostic tool is available for businesses to avail of at www.aon.com/risk-services/cyber-diagnostic-tool.jsp. Aon has created this interactive tool to help companies identify and consider the key internal and external factors that may affect your levels of cyber risks. The tool allows companies to avail of a free report which provides a high-level understanding of the risks facing an organisation.