Subscribe to our mailing list
Update your subscriptions for Grant Thornton publications and events.
Indeed, in a recent report published in the Republic of Ireland by Grant Thornton, the total cost of Cybercrime to the Irish economy was estimated to be €9.6Billion in 2020. Compare this to an estimated total of approximately €630Million just seven years previously, and it is clear that cybercrime is on the rise.
It is not only money held by businesses that Cybercriminals target – but their data too. The use of so-called ‘Ransomware’, where criminals gain access to data belonging to a business or individual and encrypt it, refusing to return it without the payment of a ransom (usually by way of Bitcoin or other Cryptocurrency) has risen dramatically during the pandemic. A number of high profile examples have made the headlines, but there have been many other similar attacks on smaller businesses.
Additionally, online fraud rose by some 55% last year, whilst email scamming (“phishing”) saw a 45% increase during 2020 alone, according to official figures published by Irish Authorities.
It is no longer a case of ‘if’ a business will be the victim of cybercrime, but ‘when’. What is perhaps even more alarming for Irish business is that Grant Thornton found that 43% of employees in a recent survey reported that they faced no restrictions whatsoever when accessing work-related materials remotely – and 20% of employees reported having had no training or guidance in how to protect themselves and their employer against cyber-attack.
A remote, more flexible way of working is here to stay for many businesses even when pandemic restrictions eventually come to an end. This is absolutely a good thing, and the benefits of this new way of working should be maintained wherever possible, but it will be vital that businesses protect themselves as best they can at the same time. Training of personnel is absolutely critical to this protection – and doing the basics right is one way that a business can help protect itself from attack.
All businesses should develop and implement a cyber-security strategy based on their business requirements. The level of investment a business should make in this respect will naturally differ from one business to another, but such investment should be considered an essential spend in today’s world. It is part and parcel of doing business both now and into the future.
Now is the time for businesses to review their security processes, to test their IT systems for weaknesses to cyber-attack, and for employees to be trained to recognise and prevent attacks. Not carrying out these measures could lead to large costs in the event of a future attack.