IT and C-level leaders point fingers at each other over cyber defense

IT managers say a cyber attack will cost double what their bosses estimate, new poll finds

IT managers disagree with chief executives over who is responsible for a cyber security breach, according to a survey released Thursday.

The survey -- of a group of 221 chief executive officers and other C-level executives and another group of 984 IT decision makers -- found that each group largely believes the other group is responsible in the event of a breach.

In the survey, 35% of C-level respondents said IT teams would be responsible in a breach, while 50% of IT leaders think that responsibility rests with their senior managers.

Also, IT managers estimate a single cyber attack will cost their business nearly twice what top-level executives estimate. The IT managers put the cost of a single attack at $19 million, compared to the C-suite estimate of about $11 million.

Opinium, an analyst firm, conducted the survey last October and November on behalf of BAE Systems Applied Intelligence, a cyber security and defense company.

The survey was conducted in the U.S. and seven other countries.

Overall, the results show "an interesting disparity between the views of C-level respondents and those of IT decision makers," said Kevin Taylor, managing director at BAE. "Each group's understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different."

He called for both groups to "bridge the intelligence gap to build a robust defense" against cyber attacks.

The survey lends support to the opinions of other analysts who say C-level executives need to get more informed on cybersecurity threats.

Tom Ridge, former secretary of Homeland Security, recently urged CEOs and corporate board to increase their level of cyber-risk awareness.

"Cybersecurity is the most significant governance challenge for the public and private sector," Ridge said in a recent interview. "It's not just the exclusive domain of the CIO and CTO, and is now in the domain of the CEO and the corporate board."

Ridge is currently the chairman of Ridge Global, a Washington-based cyber protection advisory firm.

The National Association of Corporate Directors surveyed more than 600 board directors and professionals last year, and found that only 19% believe their boards have a high level of understanding of cybersecurity risks.

Join the CSO newsletter!

Error: Please check your email address.

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matt Hamblen

Latest Videos

More videos

Blog Posts