BAE Systems’ research reveals business disconnect in defending against cyber attacks
New research published recently by BAE Systems reveals “a surprising disconnect between C-suite executives and IT decision makers in defending against cyber threats”. The research, conducted in eight countries around the world, shows that “C-suite and IT leaders believe that each other is responsible for managing the response to a cyber-attack”.
BAE Systems says it commissioned insight analysts, Opinium, to undertake this research to understand the current state of play when it comes to business cyber security. A total of 221 C-suite and 984 IT decision makers were polled to understand their concerns and perceptions of preparedness when it comes to their own cyber security. The research shows that the C-suite level estimate the cost of a successful attack to be dramatically lower than their IT colleagues.
These latest findings reveal that cyber security is the most significant business challenge to 71% of C-suite respondents, according to BAE Systems. Additionally, 72% of IT decision makers think they will be targeted by a cyber-attack in the next 12 months, and both groups report that they expect the frequency and severity of attacks to increase. To counter this, more than half of C-suite respondents (55%) plan to devote more time and resource to cyber security.
Other key findings include:
• 35 per cent of C-suite respondents say their IT teams are responsible in the event of a breach whereas 50 per cent of IT decision makers think responsibility sits with their senior management and leaders.
• IT decision makers believe the cost of a successful cyber-attack on their business to be around US$19.2m compared to an estimation of just US$11.6m from C-suite.
• C-level executives say that 10 per cent of their organization’s IT budget is spent on cyber security and defence, compared to 15 per cent according to IT decision makers.
• 84 per cent of the C-suite and 81 per cent of IT teams are confident that they have the right protection in place to defend against a cyber attack.
• However, both groups believe the number and severity of attacks will increase over the coming year with 78 per cent of C-level respondents and 68 per cent IT teams predicting an increase in the number of attacks, and 66 per cent and 68 per cent respectively predicting an increase in the severity of attacks.
• More than half (55 per cent) of C-suite respondents say they plan to increase spending on cyber security in the coming year.
• While 82 per cent of IT teams report that their cyber security spend is part of a comprehensive strategy, only half of the C-suite (50 per cent) believe this to be the case.
• 41 per cent of C-suites believe the investment is more ad hoc, rising to 70 per cent of those who are not confident of their ability to prevent a cyber attack.
“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks,” said Kevin Taylor, managing director of BAE Systems Applied Intelligence, “but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat.”