Slashdot Mirror


IT Decision Makers and Executives Don't Agree On Cyber Security Responsibility (betanews.com)

Sead Fadilpasic, writing for BetaNews: There's a severe disconnect between IT decision makers and C-suite executives when it comes to handling cyber attacks. Namely, both believe the other one is responsible for keeping a company safe. This is according to new and extensive research by BAE Systems. A total of 221 C-suite executives and 984 IT decision-makers were polled for the report. According to the research, a third (35 percent) of C-suite executives believe IT teams are responsible for data breaches. On the other hand, 50 percent of IT decision makers would place that responsibility in the hands of their senior management. Cost estimates of a successful breach also differ. IT decision makers think it would set them back $19.2 million, while C-suite thinks of a lesser figure, $11.6m. C-level thinks a tenth (10 percent) of their company's IT budget is spent on cyber security, while IT decision makers think that's 15 percent. Also, 84 percent of C-suite, and 81 percent of IT teams believe they have the right protection set up.

4 of 119 comments

  1. They just don't care by Anonymous Coward · Score: 4, Insightful

    Much like breaking the law and paying a fine has become a cost of doing business, so too has getting hacked and paying a lawsuit settlement become a cost of doing business. No one goes to jail, no one cares. The legal calculus is the same.

  2. Toys, toys, toys... by chill · Score: 5, Insightful

    If the C-Suite wants to give the responsibility to IT for security decisions, they can start by losing their "I have to have this cool gadget, but there is no business justification" toys.

    They can also stop demanding to be exceptions to any security policy that inconveniences them, like full-disk encryption, local administrative rights, multi-factor authentication and complex passwords.

    --
    Learning HOW to think is more important than learning WHAT to think.

  3. IT needs to get tough by Anonymous Coward · Score: 3, Insightful

    Managers don't care about security. They give you no time and resources to properly implement it. Then when the breach happens, they suddenly care A LOT about security, and it's all your fault.

    There need to be set security standards for the industry, and managers should have to sign off saying they don't care about these standards when they choose not to allocate the proper time and resources for security.

  4. Re:C-Suite Attitudes by chill · Score: 3, Insightful

    Dude, please! Grammar!

    Twitter is a proper noun, so capitalize it. And there should be a comma between "Twitter" and "right". There should also be a comma between "petty" and "little", as they both are adjectives describing "bitch". And finally, some punctuation after the second sentence. From your tone I'd suggest an exclamation point, but a period could also be acceptable if you want to imply exasperation instead of passion.

    --
    Learning HOW to think is more important than learning WHAT to think.