Cybersecurity continues to be top of mind for Irish business leaders

PwC’s 2024 Digital Trust Insights survey found that the proportion of businesses around the world that have experienced a data breach of more than €1M has increased by a third in 2023 compared to 2022 - from 27% to 36%.

Moira Cronin is a partner in PwC Ireland

The survey shows that cybersecurity continues to be top of mind for Irish business leaders, and now more than ever. Business leaders need to be agile and adapt to the changing market. With emerging tech developments such as Artificial Intelligence hitting the market in transformative ways, executives must challenge the status quo by building security into the fabric of their organisations instead of reacting once there is a crisis.

GenAI has emerged at the top of senior executive’s agendas for the next 12 months. The survey highlights an increasing concern about the rise of GenAI as it relates to cybersecurity. Over half (53%) of Irish respondents expect GenAI to lead to catastrophic cyber attacks in the next 12 months (Global: 52%). The EU AI Act aims to change all of this by protecting EU citizens from the risks of AI in terms of health, safety, fundamental rights, democracy, rule of law and the environment.

Concerningly, less than half (45%) of Irish respondents reported to understand the cyber risks related to GenAI and have included it in their formal risk management plans—significantly less than their global counterparts at 58%.

Deploying GenAI for Cyber defence

At the same time, 58% of the survey’s Irish respondents expect their business to deploy GenAI for cyber defence over the coming 12 months (Global: 69%). GenAI tools can help reduce the disadvantage for cyber teams overwhelmed by the sheer number and complexity of human-led cyber attacks, both of which continually increase.

Also, many Irish business leaders were positive about the potential of GenAI, for example, 77% agreed that GenAI will help their organisation develop new lines of business within the next three years; 61% agreed that GenAI-driven processes within their organisation will increase employees’ productivity within the next 12 months.

Organisations should adopt a responsible approach to GenAI and how it is used to enhance cybersecurity to ensure it is appropriately used. Although it’s often considered a function of technology, human supervision and intervention are essential. When they begin working with GenAI, along with security and privacy risks, business leaders must now account for additional areas of risk, including ethical and human risk - and ask themselves: does it feel right?”

Nearly seven out of ten (69%) Irish respondents reported that they will increase their organisation’s cyber budget in the year ahead but lag global peers (80%).

Third-party breaches top cyber threat for Irish organisations

Malicious groups are continuing to target relationships between organisations and their suppliers to gain access to the organisation's network or sensitive data through alternate channels. Not surprisingly, third-party breaches (42%) is the top cyber-related threat reported by Irish respondents, followed by ransomware (37%). Globally, the top cyber threat identified by respondents emerged as cloud-related threats (47%). Outsourcing to third-party service providers, including cloud providers, leads to a more complex cybersecurity risk profile but, worryingly, the survey reveals that less than two-thirds of respondents have implemented a plan to manage the risks associated with cloud service providers.

Regulation is costly

Half (50%) of Irish respondents plan to prioritise compliance with regulations in their cyber budget, ahead of global peers (31%). In particular, the coming months will be pivotal for cybersecurity and how companies manage threats and risks to their business. Two substantial pieces of EU legislation are coming down the tracks. The Network and Information Security Directive (NIS2) introduces greater cybersecurity standards for operators of critical services and infrastructure. The Digital Operational Resilience Act (DORA) applies to the financial services sector ensures that financial services organisations can withstand, respond and recover from all types of ICT/Cyber threats not only within their own organization but at the third parties supporting them,

While compliance with NIS2 and DORA is imperative for organizations we encourage organizations to look beyond the regulation to the opportunity it presents. The cadence of these regulations are not just about ticking another compliance box, it is about building the resilience of your organization, strengthening your cyber defences and protecting the value that you and your businesses have worked so hard to create.

Moira Cronin is a partner in PwC Ireland