Securing the Future 2020

Research by Amárach for Microsoft Ireland (report here) has revealed that three in four (76%) leaders in large organisations in Ireland are worried about their organisation’s security.

The research was conducted among 200 decision makers who work for organisations that employ upwards of 250 staff. It follows on from Microsoft research in 2019 that looked at employees’ security habits. Together, the two sets of research provide the employee and employer perspectives on the state of cybersecurity in Ireland.

This year’s research focuses on four key areas of cyber risk: Identity and Access Management, Threat Protection, Information Protection and Security Management.

Identity and Access Management: When asked how organisations manage employees’ identity and access management (IAM) policies, four in ten senior IT decision makers are somewhat worried about the digital threats they face due to challenges in managing employees’ IAM. When asked what particular issues they faced, they felt the following were the toughest challenges:

  • Too many portals and passwords
  • Escalating number of password reset calls to Help Desk and rising costs
  • Lack of visibility and control across environments

Only a minority (one in four) completely agree they have strong IAM processes in place. This concern is further reinforced by previous research from Microsoft that showed that 44% of employees use the same password across multiple devices, with a further 38% recycling passwords at work.

When organisations and employees were asked about alternatives to passwords, biometric verification (e.g. facial recognition or fingerprint) ranked the highest amongst organisations (58%) and employees (62%) as a replacement for traditional passwords.

Security Management: Only one in four organisations fully believe they are well secured against cyber threats. When it comes to security management, only 3 in 10 senior IT decision makers completely agree they have a clear strategy for protecting and managing sensitive information.

A majority (70%) of large Irish firms have experienced problems with phishing, hacking, cyber-fraud, or other cyber-attacks. Despite this, approximately the same number (69%) are not planning to hire additional staff with cyber-security expertise. Of the 31% who are planning to bring on additional cyber-security staff, over half (54%) are finding it challenging to find the right candidate.

Increases in the sophistication of cyber-threats require organisations to continually adapt and invest in their preventative measures. When asked if they plan to maintain or further invest in their cyber-security measures, nearly half plan to invest, while four in ten plan to maintain their current budgets. Of those who plan to increase spending, 67% will invest in software, 66% in training, 47% in hardware, and less than a third (31%) plan to invest in recruitment.

Threat Protection: 70% of Irish organisations have experienced problems with phishing, hacking and cyber-fraud. When asked to rank their top five cyber-threat fears, they responded:

  • Inadequate password and security practices (62%),
  • Ransomware attacks (59%),
  • Growing sophistication of cyberthreats (56%),
  • Loss of financial or other data through theft or sabotage (50%), and
  • Loss of intellectual property (37%).

Overall, many senior decision makers are confident about their ability to comply with data regulations (e.g. GDPR), but the majority feel vulnerable to hostile cyber-attack, and are taking significant steps to protect themselves.

Information Protection: Senior management reported the challenges of managing staff, remote working access management, and personal devices in the workplace. The research showed that overall, 7 in 10 (69%) organisations don’t allow employee access to their network from a personal or non-work device. In stark contrast, the 2019 employee research showed that 49% of employees use their personal email when working remotely, potentially exposing their organisation to a data breach as they bypass their organisation’s security measures.

However, over a third (36%) of large Irish firms who have experienced a cyber-attack continue to allow their staff full access from personal and mobile devices.

When working from home, the vast majority of organisations restrict employee access to documents and other information. However, in organisations employing over 500 staff, nearly a quarter (24%) of organisations do not put any restrictions on employees’ access when working from home.

When it came to using cloud computing as a way of addressing large organisations’ IT challenges, 46% of Irish organisations’ senior decision makers felt they had no security concerns about moving their data or systems to the cloud.

Comparing Employer and Employee Attitudes to Change
In early 2019, Microsoft conducted similar research, in collaboration with Amárach Research, by polling 900 employees of large Irish companies. They were asked about which additional security measures they would welcome, and those responses can now be compared with those of the IT decision makers (i.e. employers) from the most recent study.

When asked about employing a dual-device authentication system, 69% of employers were in favour, while only 41% of employees would welcome the change. The support for geolocation verification was 64% among employers and 49% among employees. Support for biometric verification, whereby your laptop or phone reads your fingerprint or scans your face via the in-built camera to access a service, was very similar between employees and employers, at 58% and 62% respectively.

“Organisations face an ever-escalating threat from cyber-attack that is pushing organisations’ IT security to their limits. As a result, organisations can investigate 56% of the security alerts they receive daily,” said Des Ryan, Solutions Director, Microsoft Ireland. “The research shows that senior management in large organisations are worried about protecting their organisation, as new technologies transform their industry. A gap exists between organisations’ view of how secure they feel they are, versus the reality where their organisational security habits are leaving them open to data loss or hacking. Iterative security policies and poorly implemented planning have spawned some bad employer habits. Organisations must now ensure they are taking a considered approach to data security, and embrace new procedures and technologies, coupled with consistent training, enforced policies, along with better device upgrades to enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organisation.”

Stephen Parsons, Head of Information Security at SISK Group said, “We have been focused on transforming our cybersecurity strategy to identify and minimise risk across the organisation. The benefit of this is that we can streamline and simplify employee access to our network and automatically enforce policies to identify suspicious activity. This has served to eliminate recurring issues and risky behaviour and simplify security management across the organisation. As a result, we have increased both our productivity and confidence when it comes to compliance demands either legal or from our prospective or existing clients.”

 
