Many companies have been affected by cybersecurity incidents, but only half have reported them to external authorities. This is shown by the new study “Cybersecurity Disasters: Incident Reporting & Disclosure”.
Keeper Security’s “Cybersecurity Disasters: Incident Reporting & Disclosure” study shows that despite the growing threat of cyberattacks, there is a lack of guidelines for reporting cyber incidents. 74 percent of respondents said they are worried that their company could be affected by a cybersecurity disaster. 40 percent of respondents said their company had experienced a cyber disaster. Despite this experience and numerous concerns, security breaches are often not reported to management and the relevant authorities.
External reporting: 48 percent of respondents were aware of a cybersecurity attack that their company did not report to the appropriate external authorities.
Internal reporting: 41 percent of cyberattacks were not reported to internal management.
Corporate cultures do not prioritize cybersecurity
Despite potential long-term financial and reputational consequences, inadequate disclosure and transparency practices prevail. Failure to report is largely due to fear of short-term negative consequences to the company's reputation (43 percent) and financial impact (40 percent).
Respondents also noted that management needs to take a strong interest in the cyber situation and provide them with sufficient IT and security professionals to report and respond to attacks.
A total of 48 percent of those surveyed believe that management would not be interested in a cyber attack (25 percent) or would not react to it (23 percent).
Almost a quarter of all respondents (22 percent) said their company had “no system” for reporting violations to management.
Best practices
“The numbers make it clear that companies need to significantly change their culture around cybersecurity because it is a shared responsibility,” said Darren Guccione, CEO and co-founder of Keeper Security. “Responsibility starts at the top, and leaders must create a culture that prioritizes reporting cybersecurity incidents. Otherwise, they expose themselves to legal liabilities and costly financial penalties, putting employees, customers, stakeholders and partners at risk.”
In a time of great security risk, it is crucial to be transparent and honest when documenting cyber disasters and to implement best practices, guidelines and processes to protect against ongoing threats. One of the most effective methods for preventing cyber disasters is managing passwords and privileged access. It is simple, yet it gives companies a fundamental layer of protection.
Method
Keeper commissioned an independent market research firm to survey 400 IT and security leaders in North America and Europe about their experience with cybersecurity incidents, documentation and data recovery. The survey was conducted in 2023. Keeper defines “cybersecurity disasters” as any event that seriously compromises the confidentiality, integrity, or availability of an information system.
About Keeper Security
Keeper Security is changing the way people and organizations around the world protect their passwords, secrets and sensitive information. Keeper's easy-to-use cybersecurity platform is built on the foundation of zero-trust, zero-knowledge security to protect every user and every device.