Third-party cyber risks represent a blind spot for businesses here and globally, according to a report which included a survey of businesses carried out by PwC.
Third-party risk refers to potential threats that arise from the increased complexity of business relationships in the digital space that results in more information being shared online through sales, supplier and technology support networks, for example.
The 2022 Global Digital Trust Insights Survey of over 3,600 business leaders globally, including Ireland, found that only 38% of Irish respondents had a 'high' understanding of the risk of data breaches through third parties.
Globally, that response was slightly higher at 41% of participants.
For sophisticated cybercriminals, the supplier ecosystem is viewed an attractive method to exploit weaknesses as there can be multiple victims if an attack is successful.
One in four business leaders here had little or no understanding at all of these risks, with the global figure standing at one in five.
Almost two thirds of Irish business executives anticipate an increase in cyber crime in 2022, the survey found.
Less than a third said they had made "significant progress" in minimising financial losses to cyber disruptions.
A large majority of Irish respondents confirmed that the complexity of their organisation poses "concerning" cyber and privacy risks.
The incidence of cyber attacks and attempted breaches of data rose significantly since the onset of the pandemic almost two years ago.
The complexity and sophistication of such attacks has also increased.
The European Union Agency for Cybersecurity recently said it was anticipating a quadrupling of supplier attacks.
"Organisations can be vulnerable to an attack even when their own cyber defenses are good. A sophisticated attacker searches for the weakest link - sometimes through the organisation's suppliers networks," Pat Moran, PwC Ireland Cybersecurity Leader explained.
"Gaining visibility and managing your organisation’s web of third-party relationships and dependencies is a must. Yet, in our experience, fewer businesses than we would like are responding to the escalating threats that complex business models pose," he added.
Mr Moran emphasised that companies must look at cybersecurity as more than a defence mechanism, but as a means of sustaining their reputation and brand loyalty and to build trust with their customers.
"As leaders of organisations, CEOs set the tone for focusing their cybersecurity teams on bigger-picture, growth-related objectives rather than narrower, short-term expectation," he concluded.