October’s Cyber Security Month highlights how small, consistent actions can reduce risk.
The Hiscox Cyber Readiness Report 2024 found that Irish businesses experienced an average of 58 cyber attacks in the previous 12 months, with 74% reporting an increase in attacks, and more than 1-in-10 suffering financial costs of between €1 million and €10 million. At the same time, 76% of organisations now view cyber resilience as crucial to business strategy.
The forthcoming National Cyber Security Bill 2024 is designed to transpose the EU’s NIS2 Directive into Irish law, while also granting the National Cyber Security Centre new statutory powers, and strengthening enforcement. Combined with Dublin’s growing role as a cyber security hub, this is a clear signal for Irish businesses to adopt structured approaches to managing security and compliance.
This highlights the need for stronger leadership on cyber security – something ISO/IEC 27001 supports through its defined requirements for an Information Security Management System (ISMS), enabling organisations to systematically manage information risks.
The good news? Building resilience doesn’t require an overhaul; it starts with steady, purposeful routines embedded in everyday operations. To support ongoing vigilance, organisations may consider the following routine steps:
Every Week: Build Everyday Safeguards
Weekly routines help organisations address common threats and maintain baseline protection.
- Update operating systems, software patches, and antivirus
- Back up essential files securely
- Encourage staff to identify and report phishing attempts
- Monitor logins and device activity for anomalies
Every Month: Strengthen Core Controls
Monthly checks reinforce internal controls and provide assurance that day-to-day protections are working.
- Run full antivirus scans across devices
- Review account security by enabling multi-factor authentication (MFA) and ensuring strong, unique passwords
- Test backup recovery processes
- Review user access rights as teams change
Every Quarter: Prepare for EU Directives
Quarterly reviews demonstrate a proactive approach to cyber risk management and help align with GDPR and NIS2 requirements.
- Deliver refresher awareness training for staff
- Consider running a phishing simulation exercise
- Update the IT asset inventory
- Apply updates to third-party software
- Review internal security policies, such as data protection responsibilities, and ensure clarity on who is responsible for demonstrating compliance with GDPR
- Ensure you know your obligations, including when to report a breach to the DPC/NCSC
Every Year: Build Long-Term Assurance
Annual activities provide evidence of resilience to regulators, customers, and supply chain partners.
- Undergo penetration testing or IT security assessments
- Review and test the incident response plan
- Renew training and maintain organisational certifications, such as ISO/IEC 27001 or Cyber Essentials
- Assess supplier and partner security posture
For further information, see our 10 Essential Tips for SMEs.
What ISO 27001 Certification Means for Your Business
ISO 27001 sets out the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System. It is internationally recognised and supports the structured management of information risks in line with defined policies and objectives.
To find out more about how certification to ISO 27001 can support your organisation’s information security objectives, contact our team today and take the next step in your certification journey.