Remote working and the threat of cyber-attacks are the number one data protection concern for 65% of Irish companies in 2021. This is according to a new survey from the Association of Compliance Officers Ireland (ACOI) which sought to understand the current data protection risks facing companies – 85% of whom have more than 75% of their workforce currently working from home. The survey of more than 250 organisations – answered by ACOI members with responsibility for compliance in financial organisations throughout the country, revealed that the mobile workforce arrangements, necessitated by the pandemic since last year, have left employers feeling increasingly vulnerable to data protection breaches.
Speaking of the findings Michael Kavanagh, CEO of ACOI,
“It’s abundantly apparent from this survey that remote working is a major issue facing firms this year when it comes to data protection, with 34% of businesses voicing their concerns around the risks associated with it. Given how intertwined the two things are it is perhaps unsurprising that risk of cyber-attack was cited by 31% of respondents as the biggest concern. Indeed, the two are not mutually exclusive, with remote working increasing organisations’ vulnerability to attacks.
85% of our respondents have more than 75% of their workforce out of the office at the moment and while the survey suggests that the remote working landscape will certainly not look the same in 12 months, it is clear that the intricacies of having a national mobile workforce is something that all organisations will have to consider, both now and into the future, as flexibility around where people carry out their various roles becomes a key feature of modern day business.”
The remote working risk
The ACOI report that in the last 12 months many organisations have had to reassess their data security systems to adapt to new levels of cyber risk to internal assets and data, and urge that any that have yet to do so, need to move with some immediacy to rise to the data protection challenges of an off-site workforce. When asked if the risk of cyber-attack has become a greater consideration since the redeployment of staff to home-based working, 89% of respondents said it has, to varying degrees.
Mr. Kavanagh commented,
“Redeploying employees to work from home has “considerably” increased risk for 37% of organisations, while 52% said it had increased risks “a little”. What’s interesting is that when we asked the same question last year 10% fewer organisations felt the risk had increased “considerably”. This would suggest that the recognition of, appreciation for, and experience of, risk is growing.
The context for cybercrime and cyber-attack in Ireland is constantly evolving. PWC’s Irish Economic Crime Survey 2020[1] found that 69% of firms in Ireland have experienced cybercrime in the last 24 months, and that the incidence of cybercrime in Ireland (69%) is double that experienced by global companies (34%). The report also outlines that Ireland is now Europe’s largest data hosting cluster, putting the need for elevated cybercrime and data protection systems into sharp focus.”
The ACOI advise that regulators in Ireland and around the world have been constantly updating and issuing new guidance to firms in response to emerging cyber security issues, such as fake documentation, the reliability of information sources, and data privacy and protection. While the level of risk varies according to the sector, it is widely accepted among the financial services sector that COVID-19 has led to heightened risks in relation to money laundering and cyber-attacks.
Detect and Protect
Mr. Kavanagh explains that there are ways for compliance professionals to detect and mitigate the increasing level of risk from cyber-crime that the business world is seeing.
“Whether it’s keeping your software and security systems up to date, running regular checks, or introducing more complex processes such as two-step authentication to your transactions and communications, there are small steps that businesses can take that will help detect and protect them from cyberthreats. However, a combination of technology and human resources will always be the best approach to maintaining cyber-safe and secure working practices and operational environments.”
Appendix
What is the number one data protection risk for your company in 2021?
- Remote working 34%
- Cyber-attacks 31%
- New rules around International data transfers – Schrems II 13%
- The volume of staff training needed 8%
- Brexit 7%
- Anti-Money Laundering and Counter Financing of Terrorism obligations 7%
Approximately what percentage of your organisation’s staff are now working remotely?
- 100% 40%
- Between 75 – 100% 45%
- Between 50 – 75% 3%
- Between 25% – 50% 4%
- 50% 2%
- Less than 25% 6%
Approximately what percentage of your organisation’s staff are likely to be partially or fully working remotely in 12 months?
- Between 50 – 75% 38%
Between 75 – 100% 25%
- Between 25% – 50% 14%
- 50% 8%
- Less than 25% 8%
- 100% 7%
Has financial crime and the risk of attack become a greater consideration since some of your workforce have been redeployed to work at home?
- Yes, it has increased the risks a little 52%
- Absolutely, it has increased the risks considerably 37%
- Not at all 11%