The figures show that data breaches, including employee mishaps and hacking attacks, have risen in the last year among Irish firms.
External attacks have shot up here, with almost one in five Irish companies saying that they were the victim of some kind of malicious external attack. The survey also shows that one in three Irish companies has no corporate data breach policy and that almost half are poorly trained for data breaches.
The survey, which was conducted by Fresh Perspectives on behalf of the Irish Computer Society, also shows that only two in five Irish firms have any internal sanctions for non-compliance with data protection rules.
And most Irish companies have no guidelines on transferring data outside the country, despite a majority engaging in such transfers. However, the research shows that Irish companies’ biggest threat continues to be “negligent employees”, with one in five singling out bungling staff as the biggest issue they face in keeping sensitive information secure.
Hackers are the next biggest worry (14pc), while staff losing unsecured phones or USB keys comes third (12pc).
“Insecure third parties”, including some commonly used cloud services, are a data security concern for one in ten Irish companies.
But companies have become far less worried about “malicious employees”, with just 2pc of respondents saying that such people were a primary threat to compromising their firm’s data privacy.
And there is rising satisfaction with the level of training and understanding that staff possess relating to broad IT security policies outside of data breaches.
Around 60pc say that staff are “well” or “very well” trained when it comes to “information security” policies.
And despite a third of Irish workforces not being sufficiently familiar with data breach policies, two out of three companies say that they have implemented data breach policies in some or all of their business units.
Furthermore, there is a rising number of people who believe that they would be notified if a data breach occurred that affected their personal information.
More than three-quarters – 78pc – thought that it was “very likely or somewhat likely” that this would happen, with just 8pc doubting they would be informed. The majority of data breaches suffered by Irish companies involve fewer than 100 records, according to the survey.
Irish companies also believe that the carrot is a better tutor than the stick when it comes to better implementation of IT security and data breach policies.
Almost two-thirds – 61pc – say that formal training and awareness programs are the best way to improve observance of best practice in the area, with just 2pc saying that more punitive measures for breaches were the answer.