Even though hiding a data breach from the regulators (and the public) might result in major fines, legal ramifications, and a tarnished brand image, many businesses still do it, new research has claimed.
A report from Atlas VPN claims nearly half (42%) of IT leaders around the world were told to keep cybersecurity incidents to themselves.
What’s more, more than half of the surveyed businesses said they had experienced at least one data breach in the last 12 months.
There are many reasons why businesses should be reporting cybersecurity incidents to the authorities, with the most obvious one being customer data theft.
Cybercriminals who steal personally identifiable data may use it for impersonation and other types of fraud or sell it to third parties on the dark web. Customers not knowing they’re being impersonated online only exacerbates the problem. Furthermore, sharing the type of malware used in the attack might help other businesses stay protected.
Still, almost a third (30%) of IT pros kept data breaches a secret, even though they knew they should be reporting them.
Among all of the countries surveyed for the report, US businesses fared the worst, it was said, with almost three-quarters (70%) of IT leaders in the country being told to keep cyber incidents hush-hush. Also, more than half (55%) kept data thefts a secret, even though they knew it was the wrong thing to do.
On the other end of the spectrum are German businesses, where just above a third (35%) were told to be quiet, and only 15% actually were. Furthermore, more than half (54%) were never told to keep a cyber incident a secret.
“In an age where data breaches have become a grim reality, such practice undermines the fundamental principles of transparency, accountability, and proactive risk mitigation. Organizations must recognize that concealing data breaches erodes customers’ trust and hinders the collective effort required to combat cyber threats,” commented Vilius Kardelis, cybersecurity writer at Atlas VPN.