A new report from the Irish Computer Society highlights a real gap in Irish Boards’ oversight of cyber resilience in their organisations.
The report identifies three key areas:
- Capability & Confidence
One in five report that they are either not discussing Cyber Resilience at all or are not being briefed about ongoing developments.
Four in five have not participated in any testing of cyber incident response plans in the last year.
One in three Board Member respondents say that they have received no cyber training in the last 12 months.
- Direction & Oversight
One in six respondents say that their organisation does not have a statement of risk appetite. Of those who do, only half are satisfied or very satisfied that it reflects the board’s position on Cyber Resilience.
Half of respondents have not been briefed on the threats posed by third party contracts in the last year (17 per cent) or ever (32 per cent).
Only three in five are satisfied or very satisfied that people who work in the organisation understand the priority that the board places on Cyber Resilience. Given that most cyber-attacks exploit “human factors”, this represents a serious gap in cyber defences.
- Formal Assurances
Only half of respondents reported having received assurance from management or from independent external testing (regarding the adequacy of their cyber defences).
“The survey results make it clear that urgent action is required in many boardrooms to equip organisations with the ability to recover rapidly from a cyber-attack,” said Bob Semple, who led the research.
“Cyber risks affect us all – as individuals and in the organisations where we work. But in organisations, the consequences of a cyber-attack can be far more serious – in terms of the losses suffered, operations paralysed and reputation damaged,” said Professor Mike Hinchey, President of the Irish Computer Society.
“For Board Members, the responsibility to address these concerns is enormous and the consequences of not doing so, potentially calamitous,” he added.
The report presents findings from a survey of 169 Board Members of Irish organisations from every sector. The survey and analysis was conducted September/October 2020. The aim of the report is twofold:
- to help raise awareness among Board Members of Irish organisations of the different types of cyber-attack that their organisations may encounter, and
- to provide practical guidance on the steps their Boards can take to cultivate greater resilience against those attacks.
Announcing the report, newly appointed ICS Secretary General, Mary Cleary, said, “We are very grateful to the work of the Cyber Resilience Working Group, a remarkably experienced group of ICS Fellows – the highest grade of professionalism within the society.
“The ICS has an important role to play in representing the voice of the IT profession, distinct from the IT industry, in public policy debate. This report does exactly that.”
About the Working Group
The ICS Cyber Resilience Working Group exists to provide insight and practical advice to members and the IT profession as a whole with regard to cyber security, readiness and resilience.
- Bob Semple (FICS), Facilitator & Consultant – Cyber Resilience (Chair)
- Dr Frank Bannister (FICS), Fellow Emeritus – TCD
- Jeremiah Russell (FICS), MD Jerus Data Protection Ltd
- Joan Maguire (FICS), Training Consultant & Principal – CompuCara
- John Molony (FICS), ICS Council
- Prof Mary Sharp (FICS), Visiting Research Fellow, Computer Science – TCD
- Mary Cleary (Secretary General) ICS
- Michael Tighe (MICS), Head of Communications, ICS
- Prof Mike Hinchey (FICS), LERO, IFIP President, ICS President
- Patrick O’Beirne (FICS), Consultant, Systems Modelling Ltd
- Ted Parslow (FICS), Chair – Third Level Computing Forum
View the report and a range of resources at www.ics.ie/cyberresilience