Kuala Lumpur, Feb 15 – BAE Systems releases findings from The Intelligence Disconnect: the 2017 Cyber Defence Monitor, a research report revealing perceptions of preparedness of C-Suite executives and IT Decision Makers (ITDM) when it comes to cyber security.
The report reveals a disconnect between the boardroom and ITDM in tackling cyber threats, with boardrooms estimating the cost of a successful attack to be US$13.9m less than the predictions of their IT colleagues.
However, both groups are in agreement when expecting the frequency and severity of attacks to increase, demonstrating that it has never been more important for businesses to understand the nature of the threat and how to combat it.
“This research confirms the importance that business leaders place on cyber security in their organisations. However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different,” says cyber security expert at BAE Systems Applied Intelligence, Goh Su Gim.
“Perhaps most worryingly for Malaysia, none of our executives are confident that their company has all the skills necessary to deal with a cyber attack; the lowest amongst all markets surveyed,” adds Malaysia Country Manager at BAE Systems Applied Intelligence, Barry Johnson.
Key findings include:
• 65% of C-Suite respondents say their IT teams and staff more broadly are responsible in the event of a breach, whereas only a third (35%) of ITDMs think this is the case. Similarly, over half of ITDMs (55%) think senior management and leaders should shoulder the blame, compared to only 30% of C-Suite respondents.
• IT Decision Makers believe the cost of a successful cyber-attack on their business to be around $17.8m, compared to an estimation of just $3.9m from the C-Suite.
• 81% of IT teams are confident they are well-equipped to defend against a cyber attack, while almost a third (30%) of C-suite respondents, a larger proportion than in any other market, are not sure they are equipped to handle a cyber-attack, should they be targeted.
• However, both groups believe the number and severity of attacks will increase over the coming year, with 90% of board respondents and 84% of IT teams predicting an increase in the number of attacks, and 90% and 87% respectively predicting an increase in the severity of attacks.
• 70% of Malaysian C-Suite individuals believe underfunding of IT security might be a reason for a successful attack. Accordingly, more than two-thirds (65%) say they plan to increase spending on cyber security in the coming year.
• Globally, while 82% of IT teams report their spend on cyber security is part of a comprehensive strategy, only half of the board (50%) believe this to be the case. 41% of C-Suites believe the investment is more ad hoc, rising to 70% of those who are not confident of their ability to prevent a cyber attack.
• Almost three times as many C-Suite executives think that human error will enable a cyber attack than ITDMs (85% vs 28%), making Malaysian C-Suite respondents the least trusting globally (averaging at 64%) of their people. More ITDMs think it would likely be through attackers breaching their network from outside (43%).