New research published today by cyber security experts, BAE Systems reveals a surprising disconnect between C-suite executives and IT Decision Makers in defending against cyber threats.
The research, conducted in eight countries around the world, shows that C-suite and IT leaders believe that each other is responsible for managing the response to a cyber-attack.
BAE Systems commissioned strategic insight analysts, Opinium to undertake an extensive piece of research to understand the current state of play when it comes to business cyber security.
A total of 221 C-suite and 984 IT Decision Makers were polled to understand their concerns and perceptions of preparedness when it comes to their own cyber security. The research shows that the C-suite level estimate the cost of a successful attack to be dramatically lower than their IT colleagues.
These latest findings reveal that cyber-security is the most significant business challenge to 71% of C-suite respondents.
Additionally, 72% of IT Decision Makers think they will be targeted by a cyber-attack in the next 12 months, and both groups report that they expect the frequency and severity of attacks to increase.
Therefore it has never been more important for businesses to understand the nature of the threat and how to combat it. To counter this, more than half of C-suite respondents (55%) plan to devote more time and resource to cyber security.
Key findings include:
- 35% of C-suite respondents say their IT teams are responsible in the event of a breach whereas 50% IT Decision Makers think responsibility sits with their senior management and leaders.
- IT Decision Makers believe the cost of a successful cyber-attack on their business to be around US$19.2m compared to an estimation of just US$11.6m from C-suite.
- C-level executives say that 10% of their organization’s IT budget is spent on cyber security and defense, compared to 15% according to IT Decision Makers.
- 84% of the C-suite and 81% of IT teams are confident that they have the right protection in place to defend against a cyber attack.
- However, both groups believe the number and severity of attacks will increase over the coming year with 78% of C-level respondents and 68% IT teams predicting an increase in the number of attacks, and 66% and 68% respectively predicting an increase in the severity of attacks.
- More than half (55%) of C-suite respondents say they plan to increase spending on cyber security in the coming year.
- While 82% of IT teams report that their cyber security spend is part of a comprehensive strategy, only half of the C-suite (50%) believe this to be the case.
- 41% of C-suites believe the investment is more ad hoc, rising to 70% of those who are not confident of their ability to prevent a cyber attack.
The disconnect in opinions between C-level respondents and IT Decision Makers when it comes to potential threats, accountability and responsibility creates gaps for attackers to exploit.
With regulatory fines starting to become a bigger issue, organizations need to plan ahead for successful incidents and ensure that the C-suite and IT teams are working together to narrow gaps in understanding, intelligence and responsibility.