There are a variety of traditions that many of us look forward to celebrating on St. Patrick’s Day every year. Parades. Wearing green shirts with “clever” sayings on them like Kiss Me I’m Irish. Eating corned beef and cabbage. Drinking Shamrock shakes, Guinness, and perhaps something a little stronger… hopefully not back-to-back. We also like to talk about having the “luck of the Irish.”
But it would appear that the luck of the Irish doesn’t necessarily apply when it comes to data security.
In honor of St. Patrick’s Day, I took a look at the Irish Computer Society survey from December 2015 – completed by approximately 150 of the country’s top data protection professionals – to get a sense for the data protection concerns plaguing the good people of Ireland like the snakes St. Patrick was said to have dispatched centuries ago.
Data Breaches (Sonraí Sáruithe)
A data breach in Ireland is not an uncommon occurrence.
Fifty-five percent of Irish organizations reported they experienced a data breach in the past 12 months, and 73% have experienced a data breach at some point in the organization’s history.
Among organizations that experienced a data breach in the last 12 months in which more than 100 data records were compromised, the breach was the result of a staff member 71% of the time.
Additionally, 28% of those surveyed believe that the risk of an external data breach in their organization has increased since last year, and 46% believe the risk remains the same.
Employee negligence is the biggest security concern (23%) followed by external attacks that seek to obtain data (15%) and the compromise of end user devices with sensitive data (11%).
While employee negligence is the chief concern, it would appear there is still a lot more work Irish organizations need to do to help prepare their staff.
Only 58% of Irish organizations are confident that their staff clearly understands their information security policy, and that policy is always implemented correctly just 33% of the time.
Additionally, there are security gaps throughout many Irish organizations. Just 34% of organizations report that their data protection policies are implemented fully across all business units.
Employee Knowledge (Eolas d’Fhostaithe)
So what’s the best approach to addressing employee-related concerns and improving policy awareness and implementation? According to 57% of organizations, conducting formal training and awareness programs is the most effective way to educate internal end users about data protection best practices.
However, 22% of Irish data protection professionals report they have received no data protection training from their employer, and another 19% say the training they have received has been insufficient.
Only 26% of Irish organizations are very confident that their staff knows what procedures to follow in the event of a data breach or other data protection issue.
Beyond Ireland (Beyond Éirinn)
As a member of the European Union, it makes sense that much of the data from Irish organizations goes beyond the country’s borders. Sixty-four percent of Irish organizations transfer data internationally, within and/or outside of the EU.
Unfortunately, 49% of organizations said they were only slightly prepared or not at all prepared to implement the new EU General Data Protection Regulation, the data security law that now applies to all EU member states.
So, if you happen to wake up after St. Patrick’s Day with a touch of a hangover, remember that it could be worse. At least you weren’t the victim of a data breach (hopefully).
Want to learn about the data breaches that occurred around the world in 2015? Download the complete 2015 Data Breaches Report. You can also check out our Breach Level Index 2015 infographic to quickly review some of the most notable breach statistics of 2015.
We hope that you’ll also connect with us on Twitter via @GemaltoSecurity to discuss the data breach trends, information security news, and more.