Executives And IT Managers Disagree On Who Is Responsible For Cybersecurity

Steve McCaskill,
hacker

BAE survey says that unless there is more coordination between executives and IT departments, hackers will find holes to exploit

Executives and IT departments are not singing from the same hymn sheet when it comes to cybersecurity, with differing views on funding, the potential impact and who is ultimately responsible for protection.

Data from BAE Systems said this disconnect could result in weaknesses that could be exploited by cyber attackers, costing organisations significant financial, legal and reputational damage, especially in the face or heftier fines from regulators.

The catastrophic attacks on TalkTalk, Ashley Madison and Yahoo in the past few years are prime examples.

Buisinesswoman screaming at her lap top © - Fotolia.com

With who does the buck stop?

According to the survey, 35 percent of senior executives believe IT departments are responsible if there is a breach, while half of IT managers believe the opposite. Executives also believe the cost of a cyber attack would be around $11.6 million compared to IT which estimates $19.2 million.

More than four fifths of both groups believe they have adequate measures in place, but executives think cybersecurity is 10 percent of the IT budget, while IT says 15 percent. Seventy-eight percent of management feel the number of incidents will increase, more than the 68 percent of IT, while two thirds of both feel the severity of attacks will intensify.

When asked whether cybersecurity spend is part of a comprehensive strategy, 82 percent of IT managers say yes compared to just 50 percent of executives. However more than half of management say they will spend more and devote greater resources.

“This research confirms the importance that business leaders place on cyber security in their organisations. However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers,” said Kevin Taylor, managing director of BAE Systems Applied Intelligence Unit.

“Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.

“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat.”

Are you a security pro? Try our quiz!