Phishing and ransomware attacks are on the rise with half of the companies experiencing some form of cyber threat in the past year.
Imagine your company experienced a major data breach, but instead of notifying the appropriate parties and taking necessary actions, you were instructed to keep it quiet!
A new study from cybersecurity vendor Bitdefender revealed that this is a reality for more than two-fifths of IT professionals — putting both organizations and individuals at risk: 42% of respondents have been instructed to keep a data breach under wraps, while nearly a third of respondents (30%) said they kept a breach to themselves even though they knew it should be reported.
The 2023 Cybersecurity Assessment Report is based on an independent survey and analysis of more than 400 IT and security professionals across various industry sectors in organizations ranging from manager to chief information security officer (CISO) who work in companies with 1,000 or more employees in geographical regions including France, Germany, Italy, Spain, United Kingdom and the United States.
The survey also found that over half (52%) had suffered a data breach or leak in the previous 12 months, with the figure rising to 75% in the United States.
According to the report, 42% of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential. The U.S. had the highest rate with 71% of IT/security professionals saying they have been told to keep quiet, followed by the U.K. at 44%, Italy at 36.7%, Germany at 35.3%, Spain at 34.8%, and France at 26.8%.
Other key findings from the report included:
52% of global respondents said they have experienced a data breach or data leak in the last 12 months. The U.S. led at 75% (or 23% higher than average) followed by the U.K. at 51.4% and Germany at 48.5% rounding out the top three. More than half (55%) of respondents agree they are worried about their company facing legal action due to a breach being mishandled.
When asked about the security threats that pose the greatest concern, respondents indicated they are most concerned about software vulnerabilities and/or zero-days threats (53%), phishing/social engineering threats (52%), and attacks targeting the supply chain coming in at third (49%).
More than two in five (43%) of IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud, and hybrid) is the greatest challenge they face which is tied to the complexity of security solutions also at 43%. Not having the security skill set to drive full value came in as a strong second at 36%. Italy and France cited a lack of security skill set as their biggest challenge at 49% and 45%.
99% of respondents stated that using a managed security provider, such as a managed detection and response (MDR) service, is a critical element of their security programs with almost all (99%) of respondents stating they are either currently using or considering using a managed security provider. The top reason respondents gave included the ability to have 24×7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). Ninety-three percent of respondents identified proactive threat hunting as important.
The research comes less than a year after former Uber CSO Joseph Sullivan was convicted of attempting to cover up a 2016 hack of Uber, highlighting the fact that lying about data breaches is a serious criminal offense in many jurisdictions.
The study indicates that an alarming number of organizations are willing to ignore their obligations to report data breaches to regulators and stakeholders, in an attempt to avoid legal and financial penalties.
While it’s difficult to guarantee that an organization will address cyber incidents responsibly, proactive security leaders can look to decrease the chance of deceit by investing in threat prevention, detection, and response solutions that enable users to address and resolve security incidents faster, so that there is less impact on the organization and less exposure to legal and financial risk.
Andrei Florescu, Deputy General Manager and SVP of Products at Bitdefender’s Business Solutions Group discussed the survey’s findings: « The findings in this report depict organizations under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities, and espionage while struggling with complexities of extending security coverage across environments and an ongoing skills shortage. »