Image (GraphicStock) - Boardroom and virtual networks
A new report unveiled in Kuala Lumpur this week points to a surprising business disconnect in preparing against cyber attacks.
This disconnect seems to be fed by IT decision makers on one hand, and the boardroom on the other, holding to a belief that the other is responsible in the event of a breach.
Another concern is that the Malaysian boardroom predicts that the cost of a cyber-attack to their business to be US$13.9 million less than their IT colleagues.
Nine in 10 of the boardroom respondents also said they expect the number and severity of attacks to increase in the coming year
These and other findings were released by the UK-headquartered defence and cybersecurity company BAE Systems in a global report called The Intelligence Disconnect: the 2017 Cyber Defence Monitor (the full report is available on the BAE Systems website), which set out to explore the cybersecurity concerns and perceptions of preparedness of C-Suite executives and IT Decision Makers (ITDM) in eight different markets (Australia, Canada, Germany, Malaysia, Singapore, United Arab Emirates, the UK, and the US).
What the report revealed
Barry Johnson (pic below, during a CyberSecurity Malaysia award ceremony), Malaysia country manager at BAE Systems Applied Intelligence and Goh Su Gim, Malaysia-based cyber security expert at BAE Systems Applied Intelligence, discussed some of the report highlights.
A hopeful sign to begin with: Both groups report that they expect the frequency and severity of attacks to increase, said Goh. "This research confirms the importance that business leaders place on cyber security in their organisations."
"However, it also shows an interesting disparity between the views of C-level respondents and those of IT Decision Makers," he continues. "Each group's understanding of the nature of cyber threats, and of the way they translate into business and technological risks, can be very different."
More data: 70 percent of Malaysian C-Suite executives believe cyber security is the most significant business challenge compared to their IT counterparts (42 percent). In addition, 80 percent of ITDMs think they will be targeted by a cyber-attack in the next 12 months, while only 50 percent of C-Suite executives expect that.
"This shows that it has never been more important for businesses to understand the nature of the threat and how to combat it. In line with this, more than half of boardroom respondents (65 percent) plan to devote more time and other resources to cyber security," said Goh.
"With successful cyber-attacks regularly making headline news, our findings make it clear that the C-suite and IT teams do recognise the risks but need to concentrate on bridging the intelligence gap to build a robust defence against this growing threat," he said.
Goh warned: "The disconnect in opinions between C-level respondents and IT Decision Makers when it comes to potential threats, accountability and responsibility creates gaps for attackers to exploit."
"Also, with regulatory fines starting to become a bigger issue, organisations need to plan ahead for successful incidents and ensure that the C-suite and IT teams are working together to narrow gaps in understanding, intelligence and responsibility," he said.
Some other takeaways
The report key findings include:
- 65 percent of C-Suite respondents say their IT teams and staff more broadly are responsible in the event of a breach, whereas only a third (35 percent) of ITDMs think this is the case.
- Similarly, more than half of ITDMs (55 percent) think senior management and leaders should shoulder the blame, compared to only 30 percent of C-Suite respondents.
- IT Decision Makers believe the cost of a successful cyber-attack on their business to be around US$17.8m, compared to an estimation of just $3.9m from the C-Suite.
- 81 percent of IT teams are confident they are well-equipped to defend against a cyber attack, while almost a third (30 percent) of C-suite respondents, a larger proportion than in any other market, are not sure they are equipped to handle a cyber-attack, should they be targeted.
- However, both groups believe the number and severity of attacks will increase over the coming year, with 90% of board respondents and 84 percent of IT teams predicting an increase in the number of attacks, and 90 percent and 87 percent respectively predicting an increase in the severity of attacks.
- 70 percent of Malaysian C-Suite individuals believe underfunding of IT security might be a reason for a successful attack. Accordingly, more than two-thirds (65 percent) say they plan to increase spending on cyber security in the coming year.
'End to age of innocence'
Globally, while 82 percent of IT teams report their spend on cyber security is part of a comprehensive strategy, only half of the board (50 percent) believe this to be the case. 41 percent of C-Suites believe the investment is more ad hoc, rising to 70 percent of those who are not confident of their ability to prevent a cyber attack.
Sign up for CIO Asia eNewsletters.