BDMs & TDMs Disconnect on
February 10, 2017
research reveals a surprising disconnect between C-suite
executives and IT Decision Makers in defending against cyber
threats. The research, conducted in eight countries around the
world, shows that C-suite and IT leaders believe that each other
is responsible for managing the response to a cyber-attack.
BAE Systems commissioned strategic insight analysts, Opinium to
undertake an extensive piece of research to understand the
current state of play when it comes to business cyber security.
A total of 221 C-suite and 984 IT Decision Makers were polled to
understand their concerns and perceptions of preparedness when
it comes to their own cyber security. The research shows that
the C-suite level estimate the cost of a successful attack to be
dramatically lower than their IT colleagues.
These latest findings reveal that cyber-security is the most
significant business challenge to 71% of C-suite respondents.
Additionally, 72% of IT Decision Makers think they will be
targeted by a cyber-attack in the next 12 months, and both
groups report that they expect the frequency and severity of
attacks to increase. Therefore it has never been more important
for businesses to understand the nature of the threat and how to
combat it. To counter this, more than half of C-suite
respondents (55%) plan to devote more time and resource to cyber
Key findings include:
•35% of C-suite
respondents say their IT teams are responsible in the event of a
breach whereas 50% IT Decision Makers think responsibility sits
with their senior management and leaders.
•IT Decision Makers
believe the cost of a successful cyber-attack on their business
to be around US$19.2m compared to an estimation of just US$11.6m
•C-level executives say
that 10% of their organisation’s IT budget is spent on cyber
security and defence, compared to 15% according to IT Decision
•84% of the C-suite and
81% of IT teams are confident that they have the right
protection in place to defend against a cyber attack.
•However, both groups
believe the number and severity of attacks will increase over
the coming year with 78% of C-level respondents and 68% IT teams
predicting an increase in the number of attacks, and 66% and 68%
respectively predicting an increase in the severity of attacks.
•More than half (55%) of
C-suite respondents say they plan to increase spending on cyber
security in the coming year.
•While 82% of IT teams
report that their cyber security spend is part of a
comprehensive strategy, only half of the C-suite (50%) believe
this to be the case.
•41% of C-suites believe
the investment is more ad hoc, rising to 70% of those who are
not confident of their ability to prevent a cyber attack.
Kevin Taylor, Managing Director of BAE Systems Applied
Intelligence, said: “This research confirms the importance that
business leaders place on cyber security in their organisations.
However, it also shows an interesting disparity between the
views of C-level respondents and those of IT Decision Makers.
Each group’s understanding of the nature of cyber threats, and
of the way they translate into business and technological risks,
can be very different.
successful cyber-attacks regularly making headline news, our
findings make it clear that the C-suite and IT teams recognise
the risks but need to concentrate on bridging the intelligence
gap to build a robust defence against this growing threat.”
The disconnect in opinions between C-level respondents and IT
Decision Makers when it comes to potential threats,
accountability and responsibility creates gaps for attackers to
exploit. With regulatory fines starting to become a bigger
issue, organisations need to plan ahead for successful incidents
and ensure that the C-suite and IT teams are working together to
narrow gaps in understanding, intelligence and responsibility.