Cyber crime affects 98pc of Irish organisations
[31.01.2007 first posted on silicon republic]
Cyber crime is affecting almost all Irish organisations, with 86pc saying they have experienced this over the past 12 months and almost a quarter (24.4pc) reporting that their systems had been breached by outsiders, new research reveals.
The ISSA (Information Systems Security Association)/UCD (University College Dublin) Irish Cybercrime Survey 2006 – the first study of its kind in the State – found that almost all respondents (98pc) said they had been affected by cyber crime. “We can unequivocally say there is a problem,” said Owen O’Connor, vice-president of ISSA Ireland and one of the authors of the report.
Arguably, the meat of the report comes in the less-reported categories: 39pc of organisations said they had suffered financial fraud, with 19.5pc saying this had occurred within the past year.
Just over one third (36.6pc) had intellectual property stolen and around half that amount said this had happened over the past 12 months. Some 34.1pc were targets of a denial of service attack and 31.7pc reported intrusions to their systems – the same number for external and internal attacks. Telecoms fraud appears to be waning: 29.3pc said they had been affected by it but just 4.9pc said this had happened in 2006.
By far the most common issue affecting Irish organisations is malware or virus infection, cited by 90pc of respondents. O’Connor said that the finding challenged the assumption that the virus problem had been solved or was simply “background noise” in an IT manager’s working day. Last year alone, 48.8pc of organisations said they had been hit with viruses.
Next on the list was misuse of systems (87.8pc), although the researchers said this has more to do with browsing unsuitable websites than with actual criminal behaviour. Almost two thirds of those surveyed (63.4pc) reported asset theft as a problem and phishing was next at 56.1pc.
Employee harassment also figured high on the list, with 41.5pc saying that outside parties had subjected their staff to cyber bullying. There were similar figures for internal harassment (39pc).
In terms of the impact on business, nine out of 10 reported a loss of productivity and 55pc said they had lost data as a result. Interestingly, more than two out of five cases (44.4pc) resulted in an employee leaving or being sacked. Just over 5pc said that cyber crime had resulted in long-term loss of business or affected profits. Virtually all survey respondents (97pc) said they used internal disciplinary processes in following up an event.
The survey was conducted by the ISSA and the UCD School of Computer Science and Informatics. It also shed light on how Irish organisations detect evidence that a cyber crime incident has occurred. The majority of incidents (68pc) are still discovered accidentally, although comfortingly for security sellers everywhere, 61pc of respondents said that technology had helped them to detect something out of the ordinary.
Less encouraging was the fact that 62pc of respondents said that external sources had reported cyber crime to them. This broke down as 58pc of leads coming from unconnected organisations such as the media and 46pc by connected organisations such as suppliers or business partners.
More than one fifth of respondents said that their most serious cyber crime incident cost them more than €100,000. “That’s far more than we would have predicted,” said O’Connor. Almost a quarter of organisations estimated the financial losses at up to €5,000 and the same number put the cost at between €5,000 and €25,000.
Launching the report this morning, the Tánaiste and Minister for Justice Michael McDowell TD noted the significant financial losses involved. “If that was arson or theft you’d take it very seriously indeed,” he said. McDowell added that the Government was committed to supporting moves to combat cyber crime, including new legislation if necessary.
The research was carried out late last year and was limited to medium and large organisations in the public and private sector with a significant connection to the Republic. Security consultancies were specifically excluded from replying because this would have introduced bias. All told, 42 valid responses were received from a sample set of 135. The response rate of 31pc compares favourably with similar surveys elsewhere, the organisers said.
O’Connor said he was very satisfied with the response rate, quality of answers and diversity of respondents in the survey’s first year, adding that there was scope to delve more deeply into some of the issues in follow-up research.
Dr Pavel Gladyshev, from the UCD School of Computer Science and Informatics and co-author of the report, pointed out that some respondents had to go to senior management to obtain permission to complete the survey – indicating the extent of the cyber crime problem and the sensitivity to it at high levels.
By Gordon Smith
Posted: January 31st, 2007 under news, Industry & Markets.