Human element biggest threat to information security, says ICS
Irish Companies are suffering data breaches in record numbers, according to a new survey from The Irish Computer Society (ICS). The survey, conducted among IT administrators in 256 Irish-based companies, revealed that more than half of firms have experienced a data breach in the last 12 months, with 22% suffering multiple breaches.
Over half (51%) of respondents reported the incidence of data breaches in the past year. This is sharply up on the previous 12 months, where just 43% reported a breach. Furthermore one in three Irish companies’ staff were said not sufficiently aware of data protection issues, with some 40% of staff receiving ‘insufficient’ or ‘no’ data protection training.
Asked about the correct adoption of data protection procedures, more than one in three IT managers polled said policies were not implemented or just partially implemented. Asked about the nature of data breaches generally suffered in Ireland, companies here said that most resulted from negligent employees.
However, the next biggest threats were split between external attackers seeking to obtain data and end user devices with sensitive data, such as unencrypted laptops. The new figures come as the introduction of new data protection legislation that will see it made necessary for most organisations to have a Data Protection Officer is imminent.
Commenting on the results Fintan Swanton, chairman of the Association of Data Protection Officers believes that the results of this survey indicate the need for organisations to take steps to manage their data processing environment.
“Employees might appreciate the importance of data security, but organisations need to instil a culture of compliant data management,” he said.
“Clear policies and procedures are vital, with regular refresher training and timely reviews to ensure that staff are complying with the structures.
“It is as much a case of protecting the organisation’s commercial reputation, as it is of protecting the individual’s privacy. With an increase in the number of Irish firms suffering a data breach on the rise significantly, there is an urgent need for adequate staff training and policies”