Who handles cyber attack aftermath? Firms split

Large firms are split on who should deal with the aftermath of a cyber attack, with a study by BAE Systems showing senior managers think IT staff should deal with data breaches but IT bosses thinking the responsibility should lie with board members.

The study, reported by BBC News, suggests firms’ confusion over who should manage cyber attacks could make them more vulnerable. Senior managers and technology bosses also widely differed when asked how much they thought a data breach could cost.

The poll of 984 IT managers and 221 executives from Fortune 500 companies across the world found that 50% of IT staff believed boardroom executives should take responsibility when it comes to deciding how a company should deal with a cyber attack. On the other hand, more than a third of the chief executives questioned said IT staff should take the lead.

"Both sides seem to think that it’s the other's responsibility when it comes to a successful breach and that reflects a gap in understanding," Dr Adrian Nish, head of the cyber threat intelligence unit at BAE Systems, told BBC News.

The differing views could contribute to the inevitable confusion that follows when firms, both large and small, suffer a breach, Dr Nish argued. "That is definitely a weakness and it will lead to organisations not being prepared for oncoming attacks."

The two camps also differed when asked how much they thought a data breach would cost, with technology bosses putting the cost at £15 million and boardroom members saying £9.2 million.

Oliver Parry, head of corporate governance at the Institute of Directors, said businesses should focus on "preventative measures" to protect against cyber-threats.

"As with other principal risks to a business, responsibility of outlining this strategy should fall with the board.

"Lasting cybersecurity only comes from embedding good practice throughout the culture of an organisation, starting from the top. No system or person alone can prevent indefinitely the threat of a cyber-attack."
