40% of SMEs in Ireland have fallen foul of a cyber-attack leading to theft or loss of company data. This is according to findings from a nationwide survey conducted by Big Red Cloud. The survey sought to ascertain the views of the business owners/managers of 500 of Ireland’s SMEs on issues pertaining to cyber security and data protection. It also asked respondents whether or not sufficient protections are in place in their business. This is the 3rd in the series of Big Red Cloud Business Sentiment Surveys rolled out this year.
Marc O Dwyer, CEO of Big Red Cloud commented on the findings, “Cyber-attacks wouldn’t have been considered a widespread threat to business 10 years ago, but the advent of ICT and the greater integration of technology in businesses across all industries has meant that most businesses are now vulnerable to this threat and as a result need to take the necessary precautions to at least make it as difficult as possible for cyber criminals to target their firm”.
The 3rd Big Red Cloud Business Sentiment Survey revealed that of those SMEs that said they had been hit by a cyber security attack – a “virus” was the top form of threat – with 42% being hit by one of these in the past.
Other sources of breaches included:
– Ransomware (where the firm has to pay to unlock/fix) 18%
– Loss of data/data theft 4%
– Phishing 30%
– Other 6%
Marc explained, “We asked those firms affected if they could quantify the losses involved and thankfully the majority (75%) said they were able to deal with the issue without having to pay out financially. 9% said it cost them between €1 – €1,000. However, worryingly, 10% said it cost them anything between €1,000 – €100,000, with the remaining 6% saying it was impossible to quantify. This last point is telling because even if you never have to hand over a cent to the cybercriminal, the costs incurred due to lost time at work and having to employ specialist IT security professionals to deal with the issue and perhaps subsequently purchase IT protection software, can all add up”.
One of the more positive findings that emerged was the fact that 76% of SME respondents have cybersecurity measures in place. When asked what this consisted of respondents answered as follows:
– Basic anti-virus software e.g. Norton Antivirus 63%
– Systems from third party provider 24%
– Systems developed by in-house IT dept. 3%
– Other 10%
Marc commented on the findings, “While it’s good to see that 2/3s of Irish SMEs have some degree of cyber protection in place, we believe that many of these firms may need to reassess whether or not the protection is sufficient. Cybercrime is evolving at an incredible pace and has become quite sophisticated in the past two years in particular – so it’s really up to each firm to ensure they keep pace with the cyber criminals.
We also found that just 44% of respondents say that there is an individual within the firm with responsibility for cybersecurity. However, we would advocate that all businesses appoint such a person – or even a team of people – who other staff members can refer to if they receive what they believe to be a fake or malicious email, or if they have any concerns around a potential security breach. Having policies and processes in place to deal with these issues before they happen could save businesses lots of time and money in the long run”.
The Big Red Cloud survey found that “data protection” was not seen to be a major issue for many firms with just 33% saying they were having difficulty dealing with it.
The respondents were also asked their views on two pieces of cyber security legislation due to come into effect this year – the Network Information Security Directive (NIS) and the General Data Protection Regulation (GDPR).
Marc went on to say, “74% of SMEs say they had never heard of the NIS and 71% said the same of the GDPR. Just 3% said they had heard of the NIS and were taking steps to comply while this figure rose to 9% for the GDPR. These findings are particularly worrying as it means the businesses who either don’t know anything about the developments and/or haven’t done anything about them are leaving themselves open to potential fines from relevant EU oversight bodies – failure to comply coupled with the cybercrime threat, it’s a headache any business can do without”.
Marc concluded, “We ran this survey because we know from working with our clients that this is a real live issue for businesses. We provide front line support and from our daily discussions with clients it is clear that cybersecurity is not just a serious issue but one that is growing. We hope that the results of this survey might spur those businesses that don’t have any security policy in place to consider taking action – before it’s too late”.