More than 40 percent of surveyed IT security professionals say they’ve been told to keep network breaches under wraps despite laws and common decency requiring disclosure.
That’s according to Bitdefender’s 2023 Cybersecurity Assessment report, which was published this month. According to responses from large companies in the US, EU, and Britain, half of organisations have experienced a data leak in the past year, with America faring the worst: three quarters of respondents from that side of the pond said they experienced an intrusion of some kind.
To further complicate matters, 40 percent of IT infosec folk polled said they were told not to report security incidents, and that climbs to 70.7 percent in the US, far higher than any other country. When told to keep mum about breaches, 30 percent of the total global respondents said they obeyed those orders even though they knew the breach should have been reported. In the US, that number climbs to 54.7 percent of the total.
Globally, 54.3 percent of respondents said they were worried their organisation was at risk of legal action due to incorrect handling of a security breach. Unsurprisingly, that number also spikes among US respondents, 78.7 percent of whom said they were worried their companies were open to legal action due to a bad breach response.
Despite those worrying statistics, a whopping 94 percent said they’re still confident in their organisation’s ability to respond to cybersecurity threats. Is this a massive blind spot, negligence – or what? According to Bitdefender, it’s simply par for the course for a cybersecurity industry stretched to the breaking point.
“The findings in this report depict organisations under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and ongoing skills shortage,” said Andrei Florescu, deputy GM and SVP of product at Bitdefender Business Solutions Group.