New research from the Institute of Directors (IoD) in Ireland has found that 70% of business leaders and directors note that they are extremely or very concerned about the potential impact of cyber security threats to the business continuity of their primary organisation. Furthermore, 41% of business leaders reveal that their primary organisation has experienced a cyber attack. The findings are published today in the IoD’s latest quarterly Director Sentiment Monitor survey report.
Commenting on the findings, Caroline Spillane CDir, Chief Executive Officer of the Institute of Directors (IoD) in Ireland, commented:
“It is concerning to see our new research finds that 41% of respondents noted that their primary organisation has experienced a cyber attack. A cyber security attack can have a negative impact on an organisation’s reputation, finances and operational resilience. It is crucial that the governance of cyber security must evolve in line with the sophistication of the threat landscape, along with the introduction of necessary cyber security protection legislation and regulation measures. Our new findings around cyber security IT plans, incident response plans, and board agenda items, are positive to see. These measures are key to board leadership on cyber security and illustrate a director’s duty of care, as does directors’ training, which will enable them to effectively assess cyber security risks.”
The key findings of the IoD’s Director Sentiment Monitor for Q4 2022, include:
Cyber security attack? When asked, ‘Has your primary organisation ever experienced a cyber security attack?’ the respondents answered as follows:
- Yes: 41%
- No: 54%
- Don't know: 5%
Occurrence of cyber attack? Of the 41% who answered ‘Yes’ to the above question, they responded as follows to this question, ‘Did the attack happen…?’
- In the last six months: 25%
- In the last year: 21%
- In the last two years: 32%
- In the last three years: 13%
- Longer than three years ago: 9%
Concern about cyber security threats. When asked, ‘How concerned are you about potential cyber security threats to the business continuity of your primary organisation?’ the respondents answered as follows:
- Extremely concerned: 28%
- Very concerned: 42%
- It’s of some concern: 29%
- Not concerned at all: 1%
- No opinion: 0%
Board agenda. When asked, ‘In respect of your primary organisation how often is cyber security on the agenda of your board meeting?’ the respondents answered as follows:
- Every board meeting: 36%
- Quarterly: 27%
- Twice a year: 9%
- Annually: 16%
- Never: 7%
- Other: 4%
Incident response plan. When asked, ‘Does your primary organisation have a cyber security incident response plan in place?’ the respondents answered as follows:
- Yes: 81%
- No: 16%
- Don't know: 3%
IT and cyber security strategy. When asked, ‘Does your primary organisation have a board-approved IT and cyber security strategy?’ the respondents answered as follows:
- Yes: 67%
- No: 31%
- Don't know: 2%
Cyber security training. Have you undertaken cyber security training in the last 12 months?
- Yes: 67%
- No: 23%
- No, but I plan to: 9%
Cyber security training plan. When asked, ‘Does your primary organisation have a cyber security training plan for board members, executive management, and staff?’ the respondents answered as follows:
Board Members
- Yes: 44%
- No: 51%
- Don't know: 5%
Senior Executive Management
- Yes: 82%
- No: 14%
- Don't know: 4%
Staff
- Yes: 79%
- No: 15%
- Dont know: 6%