Return to list of client alerts

Security Pros Say They’ve Been Told to Hide Breaches

This is an interesting situation.

If you are the company that has been breached, but might be motivated to hide that fact.

On the other hand, if the breach is on the other side – say a supplier or partner – and your data was compromised, the fact that the compromised entity is not telling you is a problem because when it comes out that they were breached, you will get sued. They might also, but you will be in the middle because you picked that partner or supplier.

And, depending on the situation, you may have broken the law or are in breach of contract with your customers, so you are in a bit of a bind.

Bitdefender, a security software company, conducted a survey of IT security pros. Here is what they found.

According to the results from large companies in the US, EU and Britain, half of the organizations have experienced a data leak in the past year with America being the worst – 75% say they have experienced a breach.

40 percent of IT security people say there were told not to report the breach and that climbs to 70 percent in the US.

Globally, 30 percent were good soldiers and did not report the breach. In the US, that number climbed to over half.

The reason is pretty obvious. Globally, 54 percent said they were worried about lawsuits. In the US, that number was almost 80 percent.

In spite of all of this, 94 percent said they are confident in their organization’s ability to respond to cyber threats.

Is this optimism or something else?

One reason why the stats are better in Europe is that the penalty for not complying is way worse than in the US. A company that fails to report a breach risks a fine of up to 4 percent of their total global revenue. Nothing like that exists in the US.

Companies are under a lot of pressure. And they have a shortage of security resources.

If you have to make a decision about reporting a breach, consider this. What if you were on the other side of the breach. Wouldn’t you want to know if your data was breached? And, consider the contracts you have with partners. Do they have the right terms in them?

If you need assistance with reviewing or modifying contracts, please contact us.

Credit: The Register