According to a recent EY report on Global Information Security, "poor employee awareness, inadequate knowledge of information security at board level and insufficient budgets are still exposing companies to undue risk."
72% of Irish organisations surveyed had experienced a significant cyber security incident. That figure cannot be ignored.
With the Companies Act 2014 came the long-awaited codification of Directors' Duties.
A Director of a company is required by law to:
- act in good faith in the interests of the company;
- act honestly and responsibly in relation to the conduct of the affairs of the company; and
- exercise the care, skill and diligence which would be exercised in the same circumstances by a person having your knowledge and skill.
Directors also owe duties to the Shareholders and employees of the Company.
As a Director of a company, if a cyber security incident occurs as a result of a breach of one of your duties as a Director, you may be required to indemnify your company for any loss suffered.
Are you and your fellow Directors prepared to take that risk? With the upcoming influx of data protection legislation and the rise in cyber attacks, now is the time to take action.
Commenting on the findings, Cyber Security Leader at EY Ireland, Hugh Callaghan, said, "Our research shows that while Irish businesses are now more focussed than ever on managing cyber risk, they are still playing catch-up with cyber criminals, who continue to find ways around organisations’ security controls and exploit their employees’ lack of awareness to steal money and data.