Blame game over cyber crime leaves listed companies wide open to attacks

 
Hannah Wilkinson
cyber security BAE Systems
Firm leaders think cyber security is a significant business risk but can't agree on whose fault it is (Source: Getty)

A shocking disconnect between IT heads and their C-suite bosses means both expect each other to take responsibility for information security breaches, aerospace giant BAE Systems has revealed.

While 50 per cent of IT decision makers would blame senior executives in the event of a breach, the most popular response amongst business leaders asked the same question was to point to the IT department.

The data also shows that 71 per cent of big firm leaders think cyber security is the most significant challenge their business faces, with slightly more expecting to face an attack in the next year.

Of more than 200 senior Fortune 500 executives interviewed by Opinium on defence giant’s behalf, some 55 per cent plan to devote more time and energy to tackling the problem in 2017.

Business leaders’ estimates of the cost of preventing attacks also diverged from than those provided by IT teams in the same organisations. Executives guessed ten per cent of of their organisation’s IT budget was spent on cyber security and defence, compared to the 15 per cent ballpark figure given by their technical colleagues.

Read more: Boohoo for Yahoo as SEC begins probe into cyber breach

They also had lower expectations of the financial blow a successful attack would deal their organisation, providing an average figure of $11.6m beside IT heads’ $19.2m approximation.

“This research confirms the importance that business leaders place on cyber security in their organisations,” said Kevin Taylor, managing director of BAE Systems Applied Intelligence.

“However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.”

“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat,” Taylor added.

Research carried out by the Ponemon Institute on behalf of HP in 2016 put the annual cost of cyber crime to big companies at $9.5 million, with information losses the biggest culprit.

In another study by the same company for IBM found a single data breach could cost $4m.

Related articles