Dive Brief:
- More than 2 in 5 IT and security professionals in the U.S. and Western Europe have been told to keep a cyber breach confidential, despite knowing the incidents should be disclosed, according to a report released Wednesday from Bitdefender.
- The disparity in the U.S. is even more stark — 7 in 10 IT and security professionals said they were given the same instructions. The report is based on a survey of 400 IT and security professionals in the U.S., U.K., Germany, France, Spain and Italy.
- More than half of the survey respondents said they have experienced a data breach or data leak in the past 12 months. In the U.S., that number rises to three-quarters of respondents.
Dive Insight:
The disclosure issue has been a problem among private sector organizations for decades. Corporate executives have historically been reluctant to disclose data security incidents, leading regulators across the globe to press for greater transparency in order to protect customers and shareholders and to help prevent the spread of larger attacks across industries.
Failure to disclose data security incidents can lead to serious consequences for companies, according to Martin Zugec, technical solutions director at Bitdefender.
“Prompt reporting, transparency and effective incident response are key to minimizing damage and keeping trust with stakeholders,” Zugec said via email.
Zugec cautioned that just because a data security incident is kept quiet, there is no guarantee the information will actually remain a secret. Cybercriminal organizations have increasingly used public leak sites to shame organizations into admitting the loss of corporate secrets or personal data of customers.