Cyber security
Ponemon study shows company IT personnel filter out negative facts before communicating about security risk

A new study has revealed that 60% of IT staff do not tell their bosses about security risks until the situation has become urgent.

More than half of IT staff said they will only inform managers when the threat is "serious", and will also try to filter out negative results, according to a report by US cyber expert Dr Larry Ponemon who surveyed almost 600 individuals working in various sectors of IT.

However, the report claims that senior-level executives have a different perception of what constitutes "serious" from that of their IT counterparts.

Ponemon, author of the study, said: "What is most concerning is that it would seem security in many organisations is based on perception and 'gut feel,' versus hard data."

Overconfidence among those working in IT means that, when it comes to cyber threats, the bosses are kept out of the loop until it is possibly too late to deal with the risk.

"The stakeholders with the highest responsibility seem to be the least informed," added Ponemon.

Another report, also from Ponemon, found that more than half of US companies considered themselves defenceless against cyber attacks.

Fifty-two percent said that they are either not prepared at all or only minimally prepared, and only 5% of respondents said that their organisations were fully prepared to deal with targeted attacks.

Off Target - Some big names that have had cyber attacks

  • US retailing giant Target was hit by the biggest hack in US retail history just days before Thanksgiving, after malware installed on its systems exposed the credit card details of almost 110 million of its customers. Six months prior to this, Target had installed a $1.6m malware detection system, and it had reportedly been warned 12 days before the attack.
  • UK citizen Gary McKinnon was accused of the "biggest military computer hack of all time" in 2002 after he hacked into 97 US military and NASA computers. US authorities claimed he deleted highly important files, which cost $700,000 in reparation.
  • More than 4,000 executives were targeted last year when the Federal Reserve Bank was hacked by an outside party. The hacker collective Anonymous retrieved the executives' data in retaliation over the case of Aaron Swartz, a hacker who was arrested after he hacked MIT and downloaded academic journals.