IRELAND punches above its weight in cybersecurity terms, but smaller firms are finding it difficult to keep pace with evolving threats, says one leading digital risk expert.
Carol Murphy, consulting partner and head of technology risk with EY, says Irish-based multinationals and larger corporations are investing heavily in both data and security. The general rise in remote working, however, has added pressures upon the resources of smaller firms.
“There is great confidence and trust in technology in Ireland,” said Carol Murphy. “Some of the world’s biggest tech companies have a strong presence here. We have a lot of tech talent in Ireland, which is helping us to punch above our weight as a nation in terms of data security.
“We are the gateway to Europe for a lot of large organisations, so we have always been very conscious of online security threats. From life sciences and pharma to FMCG and manufacturing, companies invest very carefully and wisely in technology.”
The newly released ‘EY CEO Imperative Study 2021’ shows that 84% of Irish CEOs intend to make a major investment in data and technology over the next 12 months 68% globally.
The survey of 305 CEOs from the world’s largest companies (Forbes Global 2,000 Companies), also found that half of Irish CEOs believe the most significant impact on their business will be delivered through accelerating technology and digital innovation.
“The fact that 84% of CEOs here are committed to investing in technology shows huge confidence. We are seeing a trend in companies that embed ‘security and trust by design’ as a mindset across the organisation. For those organisations willing to embrace this type of thinking - so they can demonstrate trust and assurance to key stakeholders when it comes to processes, systems, and data - the impact and competitive advantage this can afford businesses the potential to be truly transformational.
“Locally, awareness of cyber risk has been heightened by recent high profile attacks in Ireland. We are seeing huge interest among our clients in gaining an understanding of their level of readiness for cyber attack.”
The EY survey shows that CEOs are highly attuned to tackling cyber risks. Accelerated by workforces moving to remote work and the inherent threats to data security and to finance, many organisations have given greater board-level prominence to their CTO, CIO, CFO, and COO.
“All of these executives are communicating to the board to explain what they are doing to protect the company’s infrastructure and data,” said Carol. “They’re outlining they are protecting the business. That conversation will continue to happen at board level.
“Investment in cybersecurity will have to keep pace with investment in technology. I think that this awareness was already there in the C-suite, and that’s quite true of all sectors. They’re investing in those capabilities and acquiring the right solutions.
“We’re talking to clients about the concept of ‘security and trust by design’. Security is something that is thought about from the very start, building trust in the system. Those companies that do this will have a distinct advantage over those that don’t.”
When it comes to the key competencies CEOs feel require new or increased attention at C-Level to ensure growth over the next five years, Irish respondents to EY’s CEO survey overwhelmingly ranked cybersecurity in number one position, with 69% of CEOs in agreement compared to a global average of just 37%. This ranked ahead of competencies such as Artificial Intelligence (AI) and data science, disruptive innovation, climate risk, and geopolitical risk.
Many of EY’s clients have been simulating cyber attacks and disaster recovery scenarios to assess whether or not their systems are robust enough.
As the recent HSE hack showed, the risks with cyber attacks go far beyond reputational damage, potentially limiting an organisation’s ability to function on a daily basis. Most big companies in Ireland are consistently investing in technology, ensuring they are keeping pace with data security risks.
The EY survey shows that 63% of Irish CEOs believe their organisations currently deliver timely data-driven insights enabling better internal and customer outcomes.
That said, only 38% of Irish CEOs believe they have seamless access to data across the enterprise, which means while real progress is being made, further investment may be required to improve access to business-critical data in real-time. For SMEs, this can be a significant budgetary decision.
“The bigger companies have the budget and the appetite to invest in protecting themselves against these risks,” said Carol Murphy. “This investment can be more of a challenge for SMEs.
“There is a lot of knowledge out there in terms of the standards required, and SMEs are doing their best to move towards the best-operating models. There are different levels of maturity in this, and it varies from one sector to another.
“Sectors like financial services and life sciences have invested more in protecting against these risks. This level of investment is more of a challenge for retail, manufacturing, and the public sector.
“My advice for any organisation is don’t wait for something to happen before you act. Some risks are predictable and can be managed if you are well prepared.”