Two-Fifths of IT Pros Told to Keep Breaches Quiet
Over two-fifths (42%) of IT professionals have been told to keep a security breach under wraps, potentially inflaming regulatory compliance risk, according to a new study from Bitdefender.
The security vendor polled 400 IT professionals, from IT junior managers to CISOs across various industry sectors, in organizations with over 1000 employees.
The resulting report, Bitdefender 2023 Cybersecurity Assessment, found that over half (52%) had suffered a data breach or leak over the previous 12 months, rising to 75% in the US.
The US also topped the list in terms of the share of respondents who claimed they’d been told to keep a breach secret (71%). In all other countries surveyed (France, Italy, Germany, Spain and the UK), the figure was under the global average.
Separately, nearly a third (30%) of respondents said they kept a breach to themselves even though they knew it should be reported. The figure once again was much higher in the US (55%).
There are breach notification requirements in all US states and across the EU if the incident involves individuals’ personally identifiable information (PII).
Failing to properly disclose a breach creates several challenges. It means governments, law enforcers and others may underestimate the level of cyber-threat activity, and it could land the company in legal jeopardy if the incident is eventually discovered.
A massive 2016 breach at Uber is a case in point – attempts to cover up the incident exacerbated the eventual fallout and led to a criminal conviction for its former CSO.
Over half (55%) of respondents to the Bitdefender study said they are worried about their company facing legal action due to a breach being mismanaged.
The number one security threat they highlighted was software vulnerabilities and/or zero-days (53%), followed by phishing/social engineering threats (52%) and attacks targeting the supply chain (49%).
“Worldwide, organizations are under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and an ongoing skills shortage,” acknowledged Andrei Florescu, deputy general manager at Bitdefender Business Solutions Group.