A new study has revealed that 60% of IT staff do not tell their bosses about security risks until it has become a matter of urgency.
More than half of IT staff said they will only inform managers when the threat is "serious", and will also try to filter out negative results, according to a report by US cyber expert Dr Larry Ponemon who surveyed almost 600 individuals working in various sectors of IT.
However, the report claims that senior level executives have a different perception of what constitutes "serious" to their IT counterparts.
Ponemon, author of the study, said: "What is most concerning is that it would seem security in many organisations is based on perception and 'gut feel,' versus hard data."
Overconfidence from those working in IT equates to the bosses being kept out of the loop, when it comes to cyber threats, until it is possibly too late to deal with the risk.
"The stakeholders with the highest responsibility seem to be the least informed," added Ponemon.
In another report also from Ponemon, it was found more than half of US companies considered themselves defenceless against cyber attacks.
Fifty-two percent said that they are either not prepared at all or are minimally prepared and only 5% of respondents said that their organisations were fully prepared to deal with targeted attacks.