“Nearly three quarters of Irish organisations impacted by cybercrime in 2022.”

Annual report indicates a worrying upward trend in cyber attacks across the Irish business community.

30th of November is Computer Security Day, and we are helping to promote awareness of the urgent need for robust data security management across the Irish business landscape. In this blog, we analyse the striking findings of the latest Hiscox Cyber Readiness Report.

Back in April 2023, we published an article on the rise in the number of Cyber Threats leading to growth in that sector in Ireland.

Now, we bring you the results of the 2022/23 Hiscox Group Cyber Readiness report.

The report, published annually by insurers Hiscox Group, shows an ongoing upward trajectory in the numbers of Irish businesses impacted by cyber crime to the end of 2022. The report’s stark findings show that the percentage of organisations subjected to cyber attacks has risen to over 70% of the overall number polled.

What is the purpose of the Cyber Readiness Report?

According to Eddie Lamb, Director of Education and Advisory at Hiscox Group, one of the key purposes of this annual report is to drive up “levels of awareness and understanding of the cyber challenge”. The company also sees the survey as an essential part of its role as a trusted insurer.

How many Irish businesses experienced a Cyber Attack in 2022?

Of the 200 businesses surveyed by Hiscox, nearly three quarters revealed that they had been impacted by some form of cyber crime in the 12 months to the 31st December, 2022. Standing at just over 140 businesses nationwide, the total represents a jump of over 20% based on last year’s statistics.

“The global average for corporate cyber attacks is 53%,
Ireland’s average stands at an alarming 71%.”

The report’s findings also show that many of the businesses were affected more than once. With a minimum of 70% reporting a cyber crime, Ireland now stands out as the country with the worst record of the eight countries surveyed. With the average across Belgium, France, Germany, Netherlands, Spain, UK, US and Ireland standing at 53%, Ireland’s statistics show a disparity of nearly 20% with its corporate counterparts.

“The hackers’ preferred sweet spot is the IT server”

The survey also identifies the hackers’ preferred sweet spot – or corporate weak spot if you prefer – reporting that the greatest number of attacks were carried out via IT servers, with nearly 60% of those businesses surveyed having identified the source of the breach in their Server Infrastructure. Despite constant press coverage of email or phishing scams, many of those who participated in the survey reported a rise in malware or ransomware attacks through links to scam emails.

Of those attacked, one third indicated that the attack was a financial one, typically involving payment diversion, where funds are fraudulently debited from a legitimate bank account or card and transferred to an anonymously held account, usually outside the jurisdiction of the targeted company or organisation.

The number of small organisations (with fewer than 10 employees) attacked rose by over 35%

Cyber attacks have grown exponentially across the globe over the last five years, yet notwithstanding this continued growth, reports indicate that IT and Data Security are not top priorities for many businesses, including several hundreds of those already affected. Worryingly, of those attacked, the number of small businesses rose by over a third, propelling independent or family-owned businesses into the high-risk category.

While spend on IT security increased in 2022, of the 5,000 businesses surveyed worldwide, cyber threat is seen as a “dominant risk” in only 5 out of the 8 countries involved in the survey, with the three outliers being Belgium, the UK and Ireland. Despite this, Ireland ranks first when it comes to Cyber Insurance, with 70% of businesses indicating they had taken out additional cover.

Just over 10% or one in eight of the firms attacked suffered a financial loss of Euro 250,000

In slightly better news, the percentage of those businesses subjected to ransom attacks fell to 63%. The flip side, however, is that only 46% of those who did pay successfully recovered their data, with many stating that the attackers demanded further monies after payment of the initial ransom. Of those subjected to an attack of some kind, just over half said the cost came in under Euro 10,000, an improvement on 2021.

However, one in eight firms reported a financial loss in excess of Euro 250,000. A figure not for the faint-hearted CFO!

The biggest concerns raised by Irish participants revolved around remote working, with many citing the lack of ‘hands on’ control and potential for data loss through human error when devices are removed from secured settings as huge issues in terms of data privacy and device management.

According to a Hiscox spokesperson, the rise in Cyber Insurance cover is positive but is outweighed by the dramatic growth in the number of data breaches across the business landscape. “The growth in the number of attacks on Irish business has increased for the third year in a row; this fact clearly illustrates that Cyber Crime must now be viewed as a standard business risk,” they said.

“Hackers are constantly changing how they work to identify new vulnerabilities as can be seen by the rise of Phishing emails as the main entry point.”

How can my business protect itself from a Cyber attack?

There are various means by which a company can protect itself from cyber crime, not least of which is investing in the latest state-of-the-art IS technologies, including Firewalls, Antivirus, Network Security, Encryption software etc.

However, the research team at Hiscox recommends operational focus on several key pillars including:

  • Processes & Procedures
  • Robust Data Storage
  • Network Detection (new Assets, Comms etc.)
  • Ongoing Awareness & Readiness Training

While we may not be qualified to advise on how to detect new assets on your network or which forms of data storage are the most secure, we can advise on processes and procedures.

ISO 27001

ISO 27001 is not only an internationally recognised standard but also one of the most thorough and effective cyber security frameworks to achieve data availability, confidentiality, integrity and security.

ISO 27001 is the international standard for best-practice Information Security Management Systems (ISMS).

Rigorous in its requirements and systematic in its approach to risk, it offers organisations a comprehensive framework for the protection of IT infrastructure, applications and systems, under the umbrella of availability, confidentiality, continuous improvement, integrity and security.

Suitable for organisations of any size or sector, ISO 27001 contextualises IT security in terms of overall management and operations of the company. Risk-based and process driven, it helps businesses to identify and address weaknesses, optimise data privacy and ultimately protect themselves from the threat of cyber attack through an unparalleled information security management system.

For more information on how ISO 27001 could help your business enhance its data and IT security processes and strategies, contact CG Business Consulting on 01 620 4121 to have a chat with one of our team of Information Security experts.