Despite broad hints from the likes of the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC) that openness and transparency is the right choice in the wake of a cyber attack, and that cooperation may lessen the severity of regulatory penalties, victims are still paralysed with fear when the time comes to stepping forward, a report has revealed.
In a study of IT and security team leaders, titled Cybersecurity disasters survey: Incident reporting & disclosure, Keeper Security revealed that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards – 75% said they felt guilty about keeping quiet.
Broadly, the findings of the report demonstrate major shortcomings in how organisations respond to and report attacks and breaches, many of which ultimately seem to point to deep-rooted cultural issues within businesses.
Keeper said that fear, forgetfulness, misunderstanding and poor corporate cyber culture all contribute to these failings. Among other things, 43% of IT and security pros feared…
