Cyber security is undoubtedly high on the agenda for business leaders and IT decision-makers (ITDMs) alike. However, research shows a disconnect between the views of the C-suite and those of ITDMs when it comes to their organisation’s defence strategy. Both groups understand they face threats, but their thinking when it comes to the nature of these threats, and of the way they translate into business and technological risks, can be very different. This is largely down to their priorities; one group mitigates business risk, the other delivers effective IT that supports the aims of the business.
This disconnect is not the cause of discontent; ITDMs report feeling supported and believe they have the right information to tackle cyber threats. ITDMs report that their organisation’s Board of Directors took the risks associated with a cyber attack seriously, and they say they have enough information to make informed decisions on cyber security.
However, while these two groups agree on many things, they often have very different perspectives on the issues, demonstrating a lack of clear communication. This is shaping how and when companies go about defending themselves and whether they can do so effectively. Both groups are worried about falling victim to a cyber attack. However, senior executives, charged with assessing and managing business risk, are worried about the theft of sensitive information and customer personal data. In contrast, IT managers are concerned with a broader set of potential losses, some operational. Yet many concerns reflect a more mature understanding of the consequences of a successful attack.
In today’s world, we know that it isn’t a case of ‘if’ a business will be targeted, but ‘when’. Despite a universal expectation that the sophistication and volume of attacks will continue to increase, the people we spoke to reported a huge degree of confidence in the defences businesses have put in place. A forward looking, strategic approach to cyber defence is important to stay ahead. Bearing in mind the very different views we’ve seen the two groups in the study express, it’s also vital that clear communication between board and IT department is both created and maintained.