Executives Have More Faith in Cyber Defenses than the Cyber Staff

Government and private-sector executives are much more bullish on their companies’ cybersecurity than operators on the front lines, according to a report released today.

Executives are far more likely than operators—the IT and cyber staff—to believe their companies’ cybersecurity strategies have been fully implemented, according to the report from Intel Security and the Center for Strategic and International Studies think tank.

Operators are also five times more likely to believe their organizations lack incentives for cybersecurity professionals to improve their organizations to counter emerging threats, the report found.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

“Almost half of operators reported no incentives existing in their organization,” the report said. “It is possible that incentives, even when they exist, may not actually be known by employees, especially if they are lower down in the organization’s structure.”

There’s also a gap between how executives and operators assess the damage of a cyber breach, the report found, with operators more likely to focus on the scope of a breach and executives more likely to focus on reputational damage and profit losses.

The report was based on survey responses from 800 respondents in five industries including government, finance and health care.

The report describes these distinctions as “misaligned incentives,” which put government and companies at a disadvantage against cyber criminals who can move much nimbler and adopt emerging threats more quickly than companies and government can defend against them.