A recent report released by BAE Systems shows there is a lot of confusion between IT departments and senior executives as to who should take the lead when a company is hit with a cyberattack. Having interviewed 984 IT managers and 221 executives from Fortune 500 companies, the report highlights not only the difference of opinion, but also a possible reason why cyberattacks have had a larger impact than expected in many firms. Half of all IT personnel asked thought it was the responsibility of the executives to take the lead after a company has suffered a breach. On the other hand, a third of the executives thought the IT gurus should be in charge. “Both sides seem to think that it’s the other’s responsibility when it comes to a successful breach and that reflects a gap in understanding,” said Dr Adrian Nish, head of the cyber-threat intelligence unit at BAE Systems.
While more than seventy percent of executives believe cyber security is the most pressing threat facing their companies, there is a disparity over the financial implications. Boardroom executives estimate the damage would set the company back $11.6 million, while IT heads think the figure is closer to $19.2 million. “This research confirms the importance that business leaders place on cyber security in their organisations,” said Kevin Taylor, managing director of BAE Systems Applied Intelligence.
“However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.”
“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat,” he added.