New research reveals business disconnect in preparing against cyber attacks

Cyber defence experts, BAE Systems, today released findings from ‘The Intelligence Disconnect: the 2017 Cyber Defence Monitor’, a research report which reveals concerns and perceptions of preparedness of C-Suite executives and IT Decision Makers (ITDM) regarding cyber security, in Malaysia and across the globe.

The report reveals a surprising disconnect between the boardroom and IT Decision Makers in tackling cyber threats, with boardrooms and IT leaders pointing the finger at each other when it comes to taking responsibility for a successful attack.
The research also shows that the boardroom estimates the cost of a successful attack to be dramatically lower than the predictions of their IT colleagues.

70% of Malaysian C-Suite executives believe cyber security is the most significant business challenge compared to their IT counterparts (42%). Additionally, 80% of ITDMs think they will be targeted by a cyber-attack in the next 12 months, while only 50% of C-Suite executives expect that.

Both groups report that they expect the frequency and severity of attacks to increase, demonstrating it has never been more important for businesses to understand the nature of the threat and how to combat it.

In line with this, more than half of boardroom respondents (65%) plan to devote more time and other resources to cyber security.

“This research confirms the importance that business leaders place on cyber security in their organisations. However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers. Each group’s understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different,” said Goh Su Gim, cyber security expert at BAE Systems Applied Intelligence.

“With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat.

“The disconnect in opinions between C-level respondents and IT Decision Makers when it comes to potential threats, accountability and responsibility creates gaps for attackers to exploit. With regulatory fines starting to become a bigger issue, organisations need to plan ahead for successful incidents and ensure that the C-suite and IT teams are working together to narrow gaps in understanding, intelligence and responsibility.”

The full report can be found at: www.baesystems.com/cdm

Key findings include:

• 65% of C-Suite respondents say their IT teams and staff more broadly are responsible in the event of a breach, whereas only a third (35%) of ITDMs think this is the case. Similarly, over half of ITDMs (55%) think senior management and leaders should shoulder the blame, compared to only 30% of C-Suite respondents.
• IT Decision Makers believe the cost of a successful cyber-attack on their business to be around $17.8m, compared to an estimation of just $3.9m from the C-Suite.
• 81% of IT teams are confident they are well-equipped to defend against a cyber attack, while almost a third (30%) of C-suite respondents, a larger proportion than in any other market, are not sure they are equipped to handle a cyber-attack, should they be targeted.
• However, both groups believe the number and severity of attacks will increase over the coming year, with 90% of board respondents and 84% of IT teams predicting an increase in the number of attacks, and 90% and 87% respectively predicting an increase in the severity of attacks.
• 70% of Malaysian C-Suite individuals believe underfunding of ITsecurity might be a reason for a successful attack. Accordingly, more than two-thirds (65%) say they plan to increase spending on cyber security in the coming year.
• Globally, while 82% of IT teams report their spend on cyber security is part of a comprehensive strategy, only half of the board (50%) believe this to be the case. 41% of C-Suites believe the investment is more ad hoc, rising to 70% of those who are not confident of their ability to prevent a cyber attack.
• Almost three times as many C-Suite executives think that human error will enable a cyber attack than ITDMs (85% vs 28%), making Malaysian C-Suite respondents the least trusting globally (averaging at 64%) of their people. More ITDMs think it would likely be through attackers breaching their network from outside (43%).

Barry Johnson, Malaysia’s country manager at BAE Systems Applied Intelligence said “Perhaps most worryingly for Malaysia, none of our executives are confident that their company has all the skills necessary to deal with a cyber attack; the lowest amongst all markets surveyed.”

“BAE Systems works closely with institutions and agencies such as CyberSecurity Malaysia, as well as investing thousands of training hours into our almost 350 employees, to try to close that skills gap and lift the cyber security capability and capacity for Malaysia’s future needs,” he added.