IT and C-level leaders point fingers at each other over cyberdefence
10 February 2017
IT managers disagree with chief executives over who is responsible for a cybersecurity breach, according to a survey.
The survey of a group of 221 chief executive officers and other C-level executives and another group of 984 global IT decision makers found that each group largely believes the other group is responsible in the event of a breach.
In the survey, 35% of C-level respondents said IT teams would be responsible in a breach, while 50% of IT leaders think that responsibility rests with their senior managers.
Also, IT managers estimate a single cyberattack will cost their business nearly twice what top-level executives estimate. The IT managers put the cost of a single attack at $19 million (€17.8 million), compared to the C-suite estimate of about $11 million (€10.3 million).
Opinium, an analyst firm, conducted the survey last October and November on behalf of BAE Systems Applied Intelligence, a cyber security and defence company.
Overall, the results show “an interesting disparity between the views of C-level respondents and those of IT decision makers,” said Kevin Taylor, managing director at BAE. “Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.”
He called for both groups to “bridge the intelligence gap to build a robust defence” against cyberattacks.
The survey lends support to the opinions of other analysts who say C-level executives need to get more informed on cybersecurity threats.
Tom Ridge, former secretary of Homeland Security, recently urged CEOs and corporate boards to increase their level of cyber-risk awareness.
“Cybersecurity is the most significant governance challenge for the public and private sector,” Ridge said in a recent interview. “It’s not just the exclusive domain of the CIO and CTO, and is now in the domain of the CEO and the corporate board.”
Ridge is currently the chairman of Ridge Global, a Washington-based cyber protection advisory firm.
The National Association of Corporate Directors surveyed more than 600 board directors and professionals last year, and found that only 19% believe their boards have a high level of understanding of cybersecurity risks.
IDG News Service