Imagine your company experienced a major data breach, but instead of notifying the appropriate parties and taking necessary actions, you were instructed to keep it quiet!
A new study from cybersecurity vendor Bitdefender revealed that this is a reality for more than two-fifths of IT professionals—putting both organizations and individuals at risk.
Bitdefender's research showed that 42% of IT professionals have been instructed to keep a data breach under wraps, while nearly a third of respondents (30%) said they kept a breach to themselves even though they knew it should be reported.
The survey, which polled 400 IT professionals across various industry sectors in organizations with more than 1,000 employees, also found that over half (52%) had suffered a data breach or leak in the previous 12 months, with the figure rising to 75% in the United States.
The U.S. was also leading the list in terms of the percentage of respondents who claimed they'd been told to keep a breach concealed (71%). For other countries surveyed, which included France, Italy, Germany, Spain, and the U.K., the figure was below the global average.
Failing to report a data breach creates a variety of challenges, including underestimating the level of cyber threat activity, legal jeopardy, and brand reputational damage. More than half (55%) of the respondents to the Bitdefender study expressed concern that their company would face legal action due to a breach being mismanaged.
The top security threat cited by respondents was software vulnerabilities and/or Zero-Days (53%), followed by phishing/social engineering threats (52%) and attacks targeting the supply chain (49%).
The research comes less than a year after former Uber CSO Joseph Sullivan was convicted of attempting to cover up a 2016 hack of Uber, highlighting the fact that lying about data breaches is a serious criminal offense in many jurisdictions.
The study indicates that an alarming number of organizations are willing to ignore their obligations to report data breaches to regulators and stakeholders, in an attempt to avoid legal and financial penalties.
While it's difficult to guarantee that an organization will address cyber incidents responsibly, proactive security leaders can look to decrease the chance of deceit by investing in threat prevention, detection, and response solutions that enable users to address and resolve security incidents faster, so that there is less impact on the organization and less exposure to legal and financial risk.
Andrei Florescu, Deputy General Manager and SVP of Products at Bitdefender's Business Solutions Group, discussed the survey's findings:
"The findings in this report depict organizations under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and an ongoing skills shortage."
Subscribe to SecureWorld News for more stories related to cybersecurity.
