A recent survey conducted by Keeper Security, a provider of cloud-based cybersecurity software, has shed light on the widespread shortcomings in reporting cybersecurity attacks and breaches. The survey, titled “Cybersecurity Disasters Survey: Incident Reporting & Disclosure,” revealed that many organizations do not have proper policies for reporting cyber incidents, despite the growing risk of cyber threats.
According to the survey, 74% of respondents expressed concerns about a cybersecurity disaster impacting their organization. In addition, 40% of respondents admitted that their organization has experienced some type of cyber disaster. However, when it comes to reporting these breaches, both internally and externally, significant gaps exist.
The survey found that 48% of respondents were aware of a cybersecurity attack that their organization did not report to the appropriate external authorities. This indicates that organizations may be failing to meet their legal obligations in reporting such incidents. Internally, 41% of cyberattacks were not disclosed to internal leadership, which raises concerns about transparency within organizations.
One concerning finding from the survey is that of those who admitted to not reporting an attack or breach to leadership, 75% said they felt guilty for not doing so. This suggests that there may be a lack of awareness or understanding of the importance of reporting these incidents. Fear of repercussion, thinking reporting was unnecessary, and forgetting to report the incident were cited as the top three reasons for not reporting.
The survey also highlighted the lack of priority given to cybersecurity within organizational cultures. Many respondents expressed concerns about short-term harm to their organization’s reputation and potential financial impacts as reasons for not reporting incidents. Furthermore, nearly one-fourth of all respondents said their organizations had no system in place to report breaches to leadership.
Darren Guccione, CEO and co-founder of Keeper Security, emphasized the need for cultural change within organizations. He stated, “Accountability starts at the top, and leadership must create a corporate culture that prioritizes cybersecurity incident reporting, otherwise they will open themselves up to legal liabilities and costly financial penalties, and place employees, customers, stakeholders, and partners at risk.”
The survey findings suggest that organizations should adopt best practices, policies, and procedures to safeguard against ongoing threats. Encouraging transparency and honesty in cyber disaster reporting is critical in the current high-risk security climate. Implementing measures such as password and privileged access management can be effective ways to prevent cyber disasters.
The survey was conducted by an independent research firm and involved 400 IT and security leaders in North America and Europe. Keeper characterizes “cybersecurity disasters” as any event that severely impacts the confidentiality, integrity, or availability of an information system.
In conclusion, the survey by Keeper Security highlights the need for organizations to improve their incident reporting and disclosure practices. It emphasizes the importance of cultural change within organizations to prioritize cybersecurity and ensure accountability. By adopting best practices and implementing proper reporting procedures, organizations can better protect themselves against cyber threats and mitigate the potential consequences of a cyber disaster.