A new study has revealed that 60% of IT staff do not tell their bosses about security risks until it has become a matter of urgency.
More than half of IT staff said they will only inform managers when the threat is “serious”, and will also try to filter out negative results, according to a report by US cyber expert Dr Larry Ponemon who surveyed almost 600 individuals working in various sectors of IT.
However, the report claims that senior level executives have a different perception of what constitutes “serious” to their IT counterparts.
Ponemon, author of the study, said: “What is most concerning is that it would seem security in many organisations is based on perception and ‘gut feel,’ versus hard data.”
Overconfidence from those working in IT equates to the bosses being kept out of the loop, when it comes to cyber threats, until it is possibly too late to deal with the risk.