IT decision makers, C-suite executives each believe the other is responsible for cyber breaches: study

IT decision makers and C-suite executives each believe the other is responsible in the event of a cyber breach, according to new research from BAE Systems, a provider of technology defence, aerospace and security solutions.

According to BAE Systems’ 2017 Cyber Defence Monitor Research, C-level executives also predict the cost of cyberattacks to their businesses to be US$7.6 million less than their IT colleagues (US$11.6 million from C-suite versus US$19.2 million for IT decision makers). For the report, strategic insight analysts Opinium polled 221 C-suite at Fortune 500 companies and 985 IT decision makes in eight countries: the United Kingdom, Germany, United States, Canada, Australia, Singapore, Malaysia and the United Arab Emirates.

The latest findings reveal that cybersecurity is the “most significant business challenge” to 71% of C-suite respondents, BAE Systems said in a press release on Thursday. Additionally, 72% of IT decision makers think they will be targeted by a cyberattack in the next 12 months, and both groups report that they expect the frequency and severity of attacks to increase. To counter this, BAE Systems reported, more than half of C-suite respondents (55%) plan to devote more time and resource to cybersecurity.

Other key findings included:

• 35% of C-suite respondents say their IT teams are responsible in the event of a breach, while 50% of IT decision makers think responsibility sits with their senior management and leaders;
• C-level executives say that 10% of their organization’s IT budget is spent on cybersecurity and defence, compared to 15% according to IT decision makers;
• 84% of the C-suite and 81% of IT teams are confident that they have the right protection in place to defend against a cyberattack;
• Both groups believe the number and severity of attacks will increase over the coming year, with 78% of C-level respondents and 68% IT teams predicting an increase in the number of attacks, and 66% and 68% respectively predicting an increase in the severity of attacks;
• While 82% of IT teams report that their cybersecurity spend is part of a comprehensive strategy, only half of the C-suite (50%) believe this to be the case; and
• 41% of C-suites believe the investment is more ad hoc, rising to 70% of those who are not confident of their ability to prevent a cyberattack.

“This research confirms the importance that business leaders place on cybersecurity in their organizations,” said Kevin Taylor, managing director of BAE Systems Applied Intelligence, in the release. “However, it also shows an interesting disparity between the views of C-level respondents and those of IT decision makers. With successful cyberattacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognize the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat.”