Pictured from L to R: John Cahir, Partner, A&L Goodbody; Paul Anthony McDermott, BL; Karlin Lillington, Irish Times Technology Columnist; Dara Murphy, TD, John Whelan, Head of A&L Goodbody’s International Technology Practice; Claire Morrissey & Mark Rasdale, Partners, A&L Goodbody.
Irish businesses exposed to significant legal risk due to lack of preparedness for cyber attack
-Less than a third of businesses fully prepared to deal with an attack
Less than a third of businesses across Ireland are fully prepared to deal with a cyber attack and a significant majority are not fulfilling basic legal requirements, leaving themselves open to possible litigation and fines on top of risking the loss of intellectual property and commercially sensitive information. This is according to the 2015 Cyber Risk Study– one of the largest domestic cybercrime studies of its type. The study was officially launched to clients by A&L Goodbody yesterday at it's offices. Minister Dara Murphy TD, gave a keynote address at the event. This was followed by commentary and analysis by a number of well-known specialists in the area, including: Karlin Lillington, Irish Times Technology Columnist, Paul Anthony McDermott, BL and Members of A&L Goodbody's Cyber Risk Team: John Whelan, John Cahir, Mark Rasdale and Claire Morrissey.
The study, conducted by Red C, confirmed that basic legal obligations not being fulfilled by businesses include: not having written cyber security policies in place (65%); not providing training to employees on what to do in the event of an attack (59%); and not allocating responsibility to any one employee or team to deal with an attack (49%).
Highlighting the need for companies to deal with cyber security issues from the top down, the survey also found that one in four (25%) company boards have not been briefed on their business’ legal obligations and the mechanisms that are in place, if any, to deal with a cyber attack.
Furthermore, less than a third (27%) of companies surveyed said they were fully prepared to deal with an attack and, when prompted, cited a lack of awareness of their company’s legal obligations as their biggest challenge (63%).
The survey also highlighted the risk that companies are exposing themselves to by not taking heed of the cyber risk policies of third party service providers who have access to their data. Half (50%) of companies surveyed confirmed that their data is stored by a third party off-site, and within this group, 44% admitted to not knowing their supplier’s cyber security attack policy.
Commenting on the findings, John Whelan, Partner and Head of A&L Goodbody’s International Technology Practice, said the Cyber Risk Study demonstrated Irish businesses’ exposure when it comes to cybercrime:
“As cyber risk becomes more sophisticated, and more prevalent, businesses are exposed to increasing risk to their reputation and bottom line. Boards and senior management must have policies in place to protect their business should a cyber incident occur. An important part of this is ensuring that basic legal requirements are met, and the survey shows that while many businesses are aware of their exposure they are not fully prepared for it.”
“In addition to the operational and business risk, there is material legal risk with consequences in terms of possible legal and regulatory action, and potential harm to market reputation” added Whelan.
Other key findings from the research include:
70% of boards have considered the possibility of a cyber attack
28% of boards have not considered the possibility of a cyber-security attack
90% believe a cyber attack would have a negative impact on their business
10% believe a cyber attack would have such a negative impact that it could close their business