A concerning number of companies are pretty woeful at reporting the cyberattacks and breaches they suffer, both internally and externally.
Research conducted by Keeper Security found that nearly half (48%) of the IT and security leaders it surveyed who had experienced a cybersecurity incident did not report it to the appropriate authorities.
What’s more, 41% of such attacks were not even reported to leadership within the company itself.
“Fear of repercussions”
The Cybersecurity Disasters Survey: Incident Reporting & Disclosure also found that nearly three quarters (74%) of respondents were worried about a cybersecurity disaster negatively impacting their organization, and 40% had already experienced this.
A further 75% of those that admitted to not reporting an incident said they felt guilty, with most (43%) citing a “fear of repercussions” as the reason for keeping tight-lipped. Damage to the firm’s reputation was a main consideration.
Negative financial impacts (40%) were another reason for failing to report, as were deeming it unnecessary (36%) and simply forgetting (32%) to report it.
22% of those surveyed also said there was “no system in place” for reporting breaches to others within the company, with 25% thinking that leadership would not care if one occurred, and a further 23% thinking they wouldn’t even respond if one were reported to them.
Keeper Security CEO Darren Guccione said that the research shows that organizations need to make “significant cultural changes around cybersecurity, which is a shared responsibility.”
He added that “accountability starts at the top, and leadership must create a corporate culture that prioritizes cybersecurity incident reporting, otherwise they will open themselves up to legal liabilities and costly financial penalties, and place employees, customers, stakeholders and partners at risk.”
The threat from cyberattacks and breaches has never been higher, and thanks to the rise of advanced tools such as generative AI, the sophistication of all forms of attack is increasing too.
Ransomware attacks and malware infections are all too common for businesses nowadays, and both severely compromise the safety and data of organizations and their customers. Keeper Security encourages organizations to be transparent and honest when reporting cybercrimes.