A survey of 221 C-level executives and 984 IT decision makers found that each group largely believes the other is responsible in the event of a breach. The analyst firm Opinium conducted the survey last October and November on behalf of BAE Systems Applied Intelligence, a cybersecurity and defense company.
The study largely found that IT managers disagree with chief executives over who is responsible for a cybersecurity breach. Thirty-five percent of C-level respondents said IT teams would be responsible in a breach, while 50% of IT leaders think that responsibility rests with their senior managers. Also, IT managers estimate a single cyber attack will cost their business nearly twice what top-level executives estimate. The IT managers put the cost of a single attack at $19 million, compared to the C-suite estimate of about $11 million.
Different understanding of the risks
The survey shows that the understanding of the nature and seriousness of cyber threats for each of the groups can be very different. IT managers and professionals believe that C-level executives must be more informed on cybersecurity threats and increase their cyber-risk awareness.
The National Association of Corporate Directors surveyed more than 600 board directors and professionals last year, and found that only 19% believe their boards have a high level of understanding of cybersecurity risks.
IT professionals are working hard to keep their data secure, but often feel that their concerns are dismissed by business managers and executives who accept the risk instead of approving the proposed strategies. There are many reasons why infosec personnel’s security and risk recommendations may not be accepted by executives.
It’s time to do something about it
If you are a security professional stuck between tech and executives with a communication barrier, you don’t want to miss the Security Stuck in the Middle of Tech and Exec presentation at Secure360 Twin Cities 2017.
This presentation will explore the challenges of being stuck in the middle between security technologists and executives. It will dive into what each group is accustomed to saying and hearing. It will also explore ways to close that gap and build a bridge so that both sides can effectively understand each other.