But is this confidence misplaced when you take into account the risks of business cyber attacks?
Our recent global research into business cyber attacks and security shows there is a marked disconnect when it comes to how much IT decision makers (ITDMs) and C-suite executives imagine the cost of a cyber attack on their organisation to be – with the C-suite seemingly underestimating the far-reaching effects these breaches may have on the business.
Perhaps because they are closer to operations and see the volume of business cyber attacks, the security measures in place to combat them and the work involved in investigating and responding to incidents, ITDMs estimate the potential financial cost of a serious, successful cyber attack on their organisation to be $19.7m.
Meanwhile, C-suite executives estimate the cost of business cyber attacks to be much lower, at only $12.4m – and 42 per cent expect costs to amount to less than $1.5m. This compares to only 17 per cent of ITDMs, who may be more aware of the far-reaching effects an attack can have.
Perceptions of the cost of an attack are also affecting the amount businesses spend on cyber security defence. C-suite executives believe that a tenth of their organisation’s IT budget is spent on cyber security and defence, while ITDMs put this figure at 15 per cent.
Our own experience at BAE Systems suggests that these estimated costs are well below the actual costs of business cyber attacks.
This means that when business cyber attacks do occur, the C-suite and ITDMs are at risk of experiencing “bill shock” – that is, high costs that were unforeseen, meaning adequate budget was not allocated.
To avoid bill shock, C-suites and ITDMs need to make full, informed assessments of the threats they face, the risk of successful attack, and the consequent costs of recovery.
With business cyber attacks representing the most significant business challenge to 71 per cent of C-suite respondents in our survey, and with 72 per cent of ITDMs expecting to be targeted by a cyber attack over the next 12 months, laying these foundations is vital.
Organisations must be realistic about the threats they face and fully aware of the defences they have in place against business cyber attacks.
C-suites and ITDMs should work closely together, analysing current implementations and processes to come to an accurate conclusion.
Once organisations know what they have and what they need when it comes to business cyber attacks, they’ll know where they need to invest – ultimately avoiding any nasty surprises.
Jon Draper is head of cyber defence strategy at BAE Systems