According to new research, larger companies are in confusion as to who should responsible for the aftermath of a cyber-attack.
The study was conducted by BAE Systems, a multinational defence, aerospace and security company. The study suggests that senior managers expect IT staff to deal with the fallout from data breaches, yet technology bosses felt that the responsibility lies with the board members. The study took responses from 500 ‘fortune’ companies from all over the world, 50% of IT staff felt that boardroom executives should take the lead when it comes to deciding how a company should respond after it has been penetrated by hackers. By contrast, more than a third of Chief Executives who were questions, said it was IT staff who were to be the ones cleaning up, fixing problems and hardening defences. Dr Nish from BAE systems said: “The differing views could contribute to the inevitable confusion that follows when firms, both large and small, suffer a breach. That is definitely a weakness and it will lead to organisations not being prepared for oncoming attacks.”
Possibly more alarming than the disparity of who is responsible for the clean-up, the research has also indicated that both parties involved in the study have varying ideas of what a cyber-attack would cost the organisation. Technology bosses believed that on average a breach would cost an organisation around $19m (£15m) whilst boardroom members believed that the figure was something closer to $11.6m (£9.2m), these estimates were inclusive of fines, legal aid, remediation expenses and compensation for customers. The costs of cyber-attacks do vary due to the size of the company and the nature of the attack, however, cyber-attacks costs UK businesses more that £34bn last year alone.
Oliver Parry, head of corporate governance at the institute if Directors, said businesses should focus more on “preventative measures” to protect themselves against cyber-threats, he also added that “As with other principle risks to a business, responsibility of outlining this strategy should fall with the board.”
For any further information or advice, do not hesitate getting in contact with the borwell team on 01684377980.