IT professionals and c-suite executives are split over which party should manage the response to a cyber attack, with both thinking it’s the other’s responsibility.
New research from BAE Systems reveals a “surprising disconnect” between the boardroom and IT decision-makers – a disconnect that could be leaving companies vulnerable to cyber crime.
BAE polled 221 c-suite and 984 IT heads in eight countries to canvas their views on preparedness when it comes to their own cyber security.
It found 35 per cent of C-suite respondents say their IT teams are responsible in the event of a breach whereas 50 per cent of IT decision-makers think responsibility sits with senior management.
The research also found that executive and IT professionals significantly differ when it comes to estimating the cost to their business of a successful attack, with IT teams putting the cost at around $19.2 million compared to just $11.6 million for executives.
Yet despite this disconnect, both parties broadly agree that cyber crime is a major threat to their business. 71 per cent of executives say cyber security is their “most significant business challenge” and 72 per cent of IT decision-makers expect to be targeted by a cyber attack in the next 12 months.
To address the challenge, half of C-suite respondents (55 per cent) plan to devote more time and budget to cyber security.
Kevin Taylor, managing director of BAE Systems Applied Intelligence, said: “This research confirms the importance that business leaders place on cyber security in their organisations. However, it also shows an interesting disparity between the views of c-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.
“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat.”
BAE said it is crucial that companies start to plan better for cyber crime incidents, given the risk they pose to their operations and regulatory fines becoming a bigger issue. Firms should plan ahead for potential incidents and ensure that executives and IT teams are much more closely aligned, BAE said.