A recent global survey conducted by Keeper Security [1] [2] [3] [4] [5] [6] [7] [8], a leading provider of cloud-based cybersecurity software [6], reveals concerning gaps in reporting cybersecurity incidents. Despite cyber-attacks being a top concern for IT and security leaders [4], the survey shows a widespread lack of confidence in organizations’ ability to effectively respond to and prevent cyber threats.
Description
The survey conducted by Keeper Security found that 40% of organizations have experienced a cybersecurity incident [6] [9]. However, nearly half of these incidents were not disclosed to the appropriate authorities [6]. Fear of repercussion [1] [2] [3] [5] [6] [7] [8] [9], thinking reporting was unnecessary [1] [2] [5] [6] [7] [9], and forgetfulness were cited as the top reasons for not reporting incidents [6] [7]. Additionally, the survey revealed that organizational cultures do not prioritize cybersecurity [5] [6], with 48% of respondents believing that leadership would not care or respond to a cyberattack [6].
Furthermore, the survey showed that 74% of IT and security leaders are worried about future cybersecurity disasters, indicating a lack of confidence in organizations’ ability to respond to and prevent cyber threats. The survey emphasizes the need for organizations to prioritize cybersecurity incident reporting and create a culture that encourages transparency and honesty [6] [9]. Best practices [2] [5] [6] [7], such as password and privileged access management [6], are recommended to prevent cyber disasters [6].
The survey [1] [2] [3] [4] [5] [6] [7] [8], conducted by an independent research firm [6], included 400 IT and security leaders in North America and Europe [6]. It sheds light on the lack of policies for cyber incident reporting and the widespread underreporting of security breaches [6]. The findings underscore the urgent need for organizations to address these shortcomings and take proactive measures to protect against cyber threats. Guilt is high among those who admit to not reporting an attack or breach [5], with 75% feeling guilty for not doing so [3] [5]. Misunderstanding and poor corporate cyber-culture contribute to the underreporting of security breaches [5]. Respondents expressed a need for senior leadership to demonstrate a vested interest in cybersecurity and provide the necessary resources and support to report and respond to attacks [2] [5] [9]. The survey emphasizes the importance of cultural changes around cybersecurity and accountability starting at the top [5]. It recommends adopting best practices [5], policies [1] [2] [5] [6] [7], and procedures to safeguard against ongoing threats [2] [5] [7]. The full report can be downloaded for more information [5].
Conclusion
The survey conducted by Keeper Security reveals widespread shortcomings in reporting cybersecurity attacks and breaches [1] [2] [5] [7]. It highlights the lack of policies for cyber incident reporting and the underreporting of security breaches [6]. To avoid legal liabilities and protect employees [2] [7], customers [2] [7], stakeholders [2] [7], and partners [2] [7], organizations must prioritize cybersecurity incident reporting and create a culture that encourages transparency and honesty [6] [9]. It is crucial for organizations to adopt best practices and policies to safeguard against ongoing threats and ensure effective response and prevention of cyber disasters in the future.
References
[1] https://ai-techpark.com/keeper-security-releases-findings-from-a-new-survey/
[2] https://vmblog.com/archive/2023/09/26/keeper-security-releases-cybersecurity-disasters-survey-incident-reporting-disclosure.aspx
[3] https://www.digit.fyi/new-survey-the-top-reasons-cyber-attacks-arent-reported/
[4] https://www.infosecurity-magazine.com/news/half-cyberattacks-go-unreported/
[5] https://www.digitalpulsehq.com/keeper-security-releases-cybersecurity-disasters-survey-incident-reporting-disclosure/26/09/2023/
[6] https://www.prnewswire.com/news-releases/keeper-security-releases-cybersecurity-disasters-survey-incident-reporting–disclosure-301938319.html
[7] https://cioinfluence.com/security/keeper-security-releases-cybersecurity-disasters-survey-incident-reporting-disclosure/
[8] https://www.techradar.com/pro/security/many-firms-arent-reporting-breaches-to-the-proper-authorities
[9] https://www.computerweekly.com/news/366553240/Cover-ups-still-the-norm-in-the-wake-of-a-cyber-incident
