With ubiquitous computer use and networking, concerns about security breaches have intensified. However the human element in security, especially perceptions of responsibility, is less well understood than technological solutions, and both are needed. Previous studies focus on ‘regular’ users rather than ICT specialists. This paper reports on a scenario-based survey of ICT professionals comparing their views on responsibility for typical and serious computer security breaches with what they believe senior, non computer-skilled managers believe. Results showed that ICT professionals are actually tougher on themselves than they think management would be and regard computer security as ‘their job’, yet feel misunderstood and under-appreciated in their organisations. The paper discusses potential organisational problems arising from this contradictory stance and suggests further research.