Irish businesses exposed to significant legal risk due to lack of preparedness for cyber attack

Submit a News Story
Irish businesses exposed to significant legal risk due to lack of preparedness for cyber attack

Less than a third of businesses across Ireland are fully prepared to deal with a cyber attack and a significant majority are not fulfilling basic legal requirements, leaving themselves open to possible litigation and fines on top of risking the loss of intellectual property and commercially sensitive information.

This is according to the 2015 Cyber Risk Study – one of the largest domestic cybercrime studies of its type, which was published today by leading corporate law firm A&L Goodbody.

The study, conducted by Red C, confirmed that basic legal obligations not being fulfilled by businesses include: not having written cyber security policies in place (65%); not providing training to employees on what to do in the event of an attack (59%); and not allocating responsibility to any one employee or team to deal with an attack (49%).

Highlighting the need for companies to deal with cyber security issues from the top down, the survey also found that one in four (25%) company boards had not been briefed on their business’ legal obligations and the mechanisms that were in place, if any, to deal with a cyber attack.

Furthermore, less than a third (27%) of companies surveyed said they were fully prepared to deal with an attack and, when prompted, cited a lack of awareness of their company’s legal obligations as their biggest challenge (63%).

The survey also highlighted the risk that companies are exposing themselves to by not taking heed of the cyber risk policies of third party service providers who have access to their data. Half (50%) of companies surveyed confirmed that their data is stored by a third party off-site, and within this group, 44% admitted to not knowing their supplier’s cyber security attack policy.

Commenting on the findings, John Whelan, Partner and Head of A&L Goodbody’s International Technology Practice, said the Cyber Risk Study demonstrated Irish businesses’ exposure when it comes to cybercrime:

As cyber risk becomes more sophisticated, and more prevalent, businesses are exposed to increasing risk to their reputation and their bottom line. Boards and senior management must have policies in place to protect their business should a cyber incident occur. An important part of this is ensuring that the basic legal requirements are met, and the survey shows that while many businesses are aware of their exposure they are not fully prepared for it.

In addition to the operational and business risk, there is material legal risk with consequences in terms of possible legal and regulatory action, and potential harm to market reputation” added Whelan.

Other key findings from the research include:

  • 28% of boards have not considered the possibility of a cyber-security attack
  • 90% believe a cyber attack would have a negative impact on their business
  • 10% believe a cyber attack would have such a negative impact that it could close their business

Article Published: 28/05/2015