IT Leaders and Execs Pass the Buck on Cyber Response
IT decision makers and C-level executives both believe it is the other’s job to manage the response to a cybersecurity incident, according to new research from BAE Systems.
The British defense contractor polled 221 Fortune 500 C-level execs and 984 IT leaders in eight countries around the world, including the UK, US, Germany, Australia, Singapore and Canada.
Surprisingly, a third (35%) of executives said responsibility for managing a breach lies with IT, while half of the IT decision makers said the board should take charge.
That’s a concern, especially considering nearly three-quarters of IT leaders (72%) believe they’ll be targeted over the next year and the vast majority of both groups predict an increase in the number and severity of attacks.
Some 84% of the C-suite and 81% of IT teams are confident they have the right tools in place to defend against a cyber attack. Yet with a lack of clarity over roles and responsibilities in the inevitable event of a breach, the impact could escalate unnecessarily.
“The disconnect in opinions between C-level respondents and IT Decision Makers when it comes to potential threats, accountability and responsibility creates gaps for attackers to exploit,” argued BAE Systems Applied Intelligence managing director, Kevin Taylor.
“With regulatory fines starting to become a bigger issue, organizations need to plan ahead for successful incidents and ensure that the C-suite and IT teams are working together to narrow gaps in understanding, intelligence and responsibility.”
More concerning still are stats which reveal that while 82% of IT teams believe spending on cybersecurity is part of a comprehensive strategy, only half of the C-suite agree.
Increased spending on things like incident response could reduce dwell time and improve co-ordination efforts, minimizing the potential regulatory and financial fallout from an attack.
The financial fallout could be significant, with estimated costs of a breach ranging from $11.6m to $19.2m – the former figure arrived at by C-level respondents and the latter by IT leaders.
Source: Information Security Magazine