Cyber crime costs firms 2.7% of turnover

One incident cost an estimated €135,000, Deloitte survey claims

Jason Ward of EMC and Colm McDonnell of Deloitte at the launch of the Deloitte Irish Information Security and Cybercrime Survey. Photograph: Jason Clarke Photography
Jason Ward of EMC and Colm McDonnell of Deloitte at the launch of the Deloitte Irish Information Security and Cybercrime Survey. Photograph: Jason Clarke Photography

Digital crime costs Irish organisations an average of 2.7 per cent of their turnover for the year, with a single incident costing an estimated €135,000, a new survey has claimed.

According to the annual Deloitte Information Security and Cybercrime Survey, which was carried out in association with EMC, about 40 per cent of firms in Ireland have had at least one security breach in the past 12 months. Of these firms, 21 per cent said there had been up to five breaches, and 7 per cent recorded more than 20 incidents.

The cost of simply cleaning up a security incident came in at just under €30,000 on average, the survey found.

In what could be a more worrying sign, more than a quarter said they were unsure how many breaches their company had suffered over the year, and almost half said funding was limited.

Attack

READ SOME MORE

Deloitte’s Colm McDonnell said it was worrying that 28 per cent of companies were unaware of the level of attack on their business.

“You would expect senior management to know the level of incidents and near misses,” he said.

Hacking was the most common form of security breach identified, with 19 per cent of organisations saying they had suffered such an attack. About 14 per cent were subjected to a denial of service or distributed denial of service attack, while 12 per cent said security breaches were caused by malware.

Lack of funding is still a major challenge for companies in fighting security breaches, although emerging technological threats moved to the top of the list of challenges, knocking employees into second place.

“It only becomes a boardroom issue when you become directly impacted,” Mr McDonnell said.

Although the number of serious incidents identified by companies was falling – 45 per cent of firms that reported a breach said the organisation had identified 40 per cent of serious incidents compared with last year's 58 per cent – Mr McDonnell said this was not necessarily a positive sign.

Decline

He noted it was difficult to tell if the decline was due to incidents being prevented or to cyber attacks becoming more sophisticated.

“It would be naive to think we’re ahead,” he said.

Despite the cost of such incidents, only a third of companies said preventing such intrusions and digital crime was identified as a priority.

The main driver behind investment in advanced security technologies was still compliance, the survey found, with 45 per cent of respondents saying it was the main motivator.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist