Matheson: Business leaders feel they need to do more to prepare for cyber incidents
A significant proportion of Irish business leaders feel they can do more to prepare their organisation for a serious cyber incident, while few know about coming regulatory changes at an EU level, a survey conducted by Matheson suggests.
The law firm surveyed attendees at its recent cyber security and data protection conference, which heard from Matheson lawyers as well as representatives of the Garda National Cyber Crime Bureau and the Data Protection Commission.
Almost 35 per cent of respondents have either suffered from or had experienced several failed cyber-attacks over the past 18 months, while 43 per cent said their organisation had not suffered from a cyber-attack.
Although around 40 per cent feel that their organisation is ready to deal with a serious cyber incident from a compliance and security viewpoint, more of them (46 per cent) think there is still work to do.
According to the survey, the top three challenges which organisations face when preparing for cyber resilience are multi-disciplinary cooperation across teams (66 per cent); hiring the right people (49 per cent); and budget (33 per cent).
The two most pressing data protection challenges which attendees face are establishing robust governance processes (43 per cent) and dealing with international transfer obligations (29 per cent), followed by managing data breaches and notifications (15 per cent) and complying with data subject rights requests (14 per cent).
Respondents said the most relevant recent or incoming pieces of EU legislation are the Digital Services Act (40 per cent); the Network and Information Security Directive (NIS 2) / Digital Operational Resilience Act (DORA) (33 per cent); AI Regulation (30 per cent); and the Digital Markets Act (25 per cent).
However, while a sizeable number (25 per cent) are well informed about incoming EU law changes, almost half (48 per cent) have some gaps in their knowledge and almost a quarter (24 per cent) have not much knowledge at all. Just three per cent say that they are very well informed.
The hybrid event had over 400 online and in-person attendees.
Anne-Marie Bohan, partner and head of Matheson’s technology and innovation group delivered the opening address and introduced the first panel session, Cyber Resilience, which explored the latest trends in cyber-crime and our readiness to respond to them.
Chaired by Matheson partner Deirdre Crowley, the panellists included Detective Inspector Brian Halligan of the Garda National Cyber Crime Bureau; Stuart McKenzie, senior vice president of Mandiant Consulting EMEA and Sandra Skehan, deputy commissioner of the Data Protection Commission.
The conference’s second panel discussion – Privacy Litigation – dealt with the regulation of data in the EU and was chaired by Ms Crowley, who was joined again by Sandra Skehan and by Karen Reynolds, partner in Matheson’s commercial litigation and dispute resolution department.
Finally, an “In conversation with” session with Matheson partners Susanne McMenamin of the firm’s corporate M&A group and Carlo Salizzo from Matheson’s technology and innovation group analysed news and developments in data protection and other upcoming Irish and EU legislation, what Irish businesses and directors need to focus on, and how best to get them on the agenda.