IT Security

C-suite, IT disconnect

by Mark Rowe

There’s a surprising disconnect between C-suite executives and IT decision makers in defending against cyber threats, according to research by the defence and cyber security company BAE Systems. The research, done in eight countries, shows that C-suite and IT leaders believe that each other is responsible for managing the response to a cyber-attack.

BAE Systems commissioned analysts Opinium to make the research into business cyber security. A total of 221 C-suite and 984 IT decision-makers were polled to understand their concerns and perceptions of preparedness when it comes to their own cyber security. The research shows that the C-suite level estimate the cost of a successful attack to be dramatically lower than their IT colleagues.

These latest findings reveal that cyber-security is the most significant business challenge to 71pc of C-suite respondents. Also, 72pc of IT decision makers think they will be targeted by a cyber-attack in the next 12 months, and both groups report that they expect the frequency and severity of attacks to increase. Therefore it has never been more important for businesses to understand the nature of the threat and how to combat it. To counter this, more than half of C-suite respondents (55pc) plan to devote more time and resource to cyber security.

Findings include:

· 35pc of C-suite respondents say their IT teams are responsible in the event of a breach whereas 50pc IT Decision Makers think responsibility sits with their senior management and leaders.
· IT Decision Makers believe the cost of a successful cyber-attack on their business to be around US$19.2m compared to an estimation of just US$11.6m from C-suite.
· C-level executives say that 10pc of their organisation’s IT budget is spent on cyber security and defence, compared to 15pc according to IT decision makers.
· 84pc of the C-suite and 81pc of IT teams are confident that they have the right protection in place to defend against a cyber attack.
· However, both groups believe the number and severity of attacks will increase over the coming year with 78pc of C-level respondents and 68pc IT teams predicting an increase in the number of attacks, and 66pc and 68pc respectively predicting an increase in the severity of attacks.
· More than half (55pc) of C-suite respondents say they plan to increase spending on cyber security in the coming year.
· While 82pc of IT teams report that their cyber security spend is part of a comprehensive strategy, only half of the C-suite (50pc) believe this to be the case.
· 41pc of C-suites believe the investment is more ad hoc, rising to 70pc of those who are not confident of their ability to prevent a cyber attack.

Kevin Taylor, Managing Director of BAE Systems Applied Intelligence, said: “This research confirms the importance that business leaders place on cyber security in their organisations. However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.

“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat.”

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing