BAE Systems Reveals Business Disconnect In Cyber Defense

New research published today by cyber security experts, BAE Systems reveals a surprising disconnect between C-suite executives and IT Decision Makers in defending against cyber threats

Highlights

  • IT Decision Makers and C-suite executives believe the other is responsible in the event of a breach
  • C-level executives predict cost of cyber-attack to their business to be US$7.6m less than their IT colleagues
  • 10-15% of an organisation’s IT budget is spent on cyber security

New York, NY (Feb. 13, 2017) – Newly published research by cyber security experts BAE Systems reveals a surprising disconnect between C-suite executives and IT Decision Makers in defending against cyber threats. The research, conducted in eight countries around the world, shows that C-suite and IT leaders believe that each other is responsible for managing the response to a cyber-attack.

BAE Systems commissioned strategic insight analysts, Opinium to undertake an extensive piece of research to understand the current state of play when it comes to business cyber security. A total of 221 C-suite and 984 IT Decision Makers were polled to understand their concerns and perceptions of preparedness when it comes to their own cyber security. The research shows that the C-suite level estimate the cost of a successful attack to be dramatically lower than their IT colleagues.

These latest findings reveal that cyber-security is the most significant business challenge to 71% of C-suite respondents. Additionally, 72% of IT Decision Makers think they will be targeted by a cyber-attack in the next 12 months, and both groups report that they expect the frequency and severity of attacks to increase. Therefore it has never been more important for businesses to understand the nature of the threat and how to combat it. To counter this, more than half of C-suite respondents (55%) plan to devote more time and resource to cyber security.

Key findings include:

  • 35% of C-suite respondents say their IT teams are responsible in the event of a breach whereas 50% IT Decision Makers think responsibility sits with their senior management and leaders.
  • IT Decision Makers believe the cost of a successful cyber-attack on their business to be around US$19.2m compared to an estimation of just US$11.6m from C-suite.
  • C-level executives say that 10% of their organisation’s IT budget is spent on cyber security and defence, compared to 15% according to IT Decision Makers.
  • 84% of the C-suite and 81% of IT teams are confident that they have the right protection in place to defend against a cyber attack.
  • However, both groups believe the number and severity of attacks will increase over the coming year with 78% of C-level respondents and 68% IT teams predicting an increase in the number of attacks, and 66% and 68% respectively predicting an increase in the severity of attacks.
  • More than half (55%) of C-suite respondents say they plan to increase spending on cyber security in the coming year.
  • While 82% of IT teams report that their cyber security spend is part of a comprehensive strategy, only half of the C-suite (50%) believe this to be the case.
  • 41% of C-suites believe the investment is more ad hoc, rising to 70% of those who are not confident of their ability to prevent a cyber attack.

“This research confirms the importance that business leaders place on cyber security in their organisations,” said Kevin Taylor, Managing Director of BAE Systems Applied Intelligence. “However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different.

“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat,” Taylor added.

The disconnect in opinions between C-level respondents and IT Decision Makers when it comes to potential threats, accountability and responsibility creates gaps for attackers to exploit. With regulatory fines starting to become a bigger issue, organisations need to plan ahead for successful incidents and ensure that the C-suite and IT teams are working together to narrow gaps in understanding, intelligence and responsibility.

Report methodology

Strategic insight analysts Opinium polled 221 C-suite at Fortune 500 companies and 984 IT Decision Makers, in eight countries: UK, Germany, USA, Canada, Australia, Singapore, Malaysia, and UAE.

About BAE Systems

At BAE Systems, we provide some of the world’s most advanced technology defence, aerospace and security solutions. We employ a skilled workforce of 82,500 people in over 40 countries. Working with customers and local partners, our products and services deliver military capability, protect people and national security, and keep critical information and infrastructure secure.

At BAE Systems Applied Intelligence, we help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations.

We do this using our unique set of solutions, systems, experience and processes – often collecting and analysing huge volumes of data. These, combined with our Cyber Special forces – some of the most skilled people in the world, enable us to defend against cyber-attacks, fraud and financial crime, enable intelligence-led policing and solve complex data problems.

We employ over 4,200 people across 18 countries in the Americas, APAC, UK and EMEA. For further information about BAE Systems Applied Intelligence, please visit www.baesystems.com/businessdefence.

SOURCE: BAE Systems