The news: Nearly half (42%) of IT professionals have been told to hush up data breaches and ransomware attacks, according to a survey by Bitdefender, per VentureBeat. More shockingly, 29.9% of respondents admitted to keeping a breach confidential instead of reporting it.
Bitdefender surveyed more than 400 IT security professionals serving companies of over 1,000 employees.
Why it’s worth watching: The trend of failing to disclose threats is escalating just as the cyberthreat landscape is becoming more aggressive, with 52% of organizations experiencing a data breach within the past 12 months.
- Law enforcement agencies estimate that the number of cybercrimes that go unreported by businesses is in the millions, per CSO.
- A study by the Ponemon Institute found that the average cost of a data breach is $3.86 million.
- The five most common threats are software vulnerabilities and zero-days, phishing and social engineering, supply chain attacks, ransomware, and insider threats.
Why are businesses hiding security breaches? Organizations are burying data breaches to avoid legal and financial penalties or to skirt liability for compromising their users’ data.
- The research comes less than a year after the FTC convicted former Uber CSO Joseph Sullivan for attempting to cover up a hack of Uber in 2016.
- In 2020, JBS was forced to pay $11 million to settle a class-action lawsuit brought by customers who were affected by a data breach that exposed their personal information.
The problem: According to the Annual Data Breach Report by the Identity Theft Resource Center, 41% of US companies have been breached multiple times in the past five years.
Key takeaway: The growing aggressiveness and sophistication of recent ransomware attacks reveal that criminals repeatedly target businesses that don’t report cyberattacks. Agencies are combating the threat, but more businesses need to report attacks.