EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Irish cybersecurity functions are underfunded. More than half (52%) of the respondents to the EY Ireland Global Information Security Survey (GISS) 2021 said it is just a matter of time until they suffer a major breach that could have been avoided had their organisations invested more wisely in cybersecurity.
This lack of funding is not merely due to a paucity of resources. It reflects a lack of appreciation at boardroom level for the scale and nature of the threat posed by cyber criminals. It also demonstrates the absence of a cybersecurity voice in key strategy conversations.
The question for Irish Chief Information Security Officers (CISOs) is how they can address the funding issue by playing a greater strategic role in their organisations.
The first step is to move the boardroom discussion away from numbers. If cybersecurity is just another budget line item, it will always be reviewed with an eye to cuts. However, if the discussion is about the value of the assets being protected, the tenor and outcome will be very different. The numbers will centre on potential loss rather than expenditure and the fight for resources will be easier to win.
To achieve that outcome, CISOs need to build closer relationships with other key stakeholders in the business, including finance, HR, and marketing teams. Their support will be critical when cybersecurity comes up for discussion at board and C-suite levels.
It’s all about relationships
A significant proportion (44%) of Irish CISOs say they have a poor relationship with their organisation’s business heads. At the same time, a high proportion (48% and 42%, respectively) admit to having very poor relationships with HR and marketing functions. Those poor relationships can only hamper CISOs in carrying out their functions.