Over two-fifths (42%) of IT professionals have been told to keep a security breach under wraps, potentially inflaming regulatory compliance risk, according to a new study from Bitdefender.
The security vendor polled 400 IT professionals, from IT junior managers to CISOs across various industry sectors, in organizations with over 1000 employees.
The resulting report, Bitdefender 2023 Cybersecurity Assessment, found that over half (52%) had suffered a data breach or leak over the previous 12 months, rising to 75% in the US.
The US also topped the list in terms of the share of respondents who claimed they’d been told to keep a breach secret (71%). In all other countries surveyed (France, Italy, Germany, Spain and the UK), the figure was under the global average.
Separately, nearly a third (30%) of respondents said they kept a breach to themselves even though they knew it should be reported. The figure once again was much higher in the US (55%).
There are breach notification requirements in all US state and across the EU, if the incident involves individuals’ personally identifiable information (PII).
Read more about breaches: Near-Record Year for US Data Breaches in 2022.
Failing to properly disclose a breach creates several challenges. It means governments, law enforcers and others may underestimate the level of cyber-threat activity, and it could land the company in legal jeopardy if the incident is eventually discovered.
A massive 2016 breach at Uber is a case in point – attempts to cover up the incident exacerbated the eventual fallout and led to a criminal conviction for its former CSO.
Over half (55%) of respondents to the Bitdefender study said they are worried about their company facing legal action due to a breach being mismanaged.
The number one security threat they highlighted was software vulnerabilities and/or zero-days (53%), followed by phishing/social engineering threats (52%) and attacks targeting the supply chain (49%).
“Worldwide, organizations are under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and an ongoing skills shortage,” acknowledged Andrei Florescu, deputy general manager at Bitdefender Business Solutions Group.