
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Security Teams Pressured into Keeping Quiet About Security Breaches

Ransomware and phishing attacks on organizations have increased over the past 12 months, as have the costs associated with the attacks. In 2022, the average cost of a data breach increased to $4.35 million, and to $10.1 million for healthcare data breaches (IBM Security).

Due to the high costs and reputational damage caused by data breaches, cybersecurity teams are being pressured into keeping cyberattacks and data breaches quiet, even though there are often legal requirements for reporting data breaches. The recently published Bitdefender 2023 Cybersecurity Assessment has revealed the extent to which cybersecurity teams are being pressured into staying silent about data breaches. In the United States, 74.7% of respondents said they had experienced a data breach or data leak in the past 12 months and 70.7% of those respondents said they had been told to keep a security breach confidential when it should have been reported. 54.7% of respondents said they did keep a security breach confidential when they knew it should be reported.

Bitdefender’s survey suggests healthcare organizations are failing to report data breaches. 28.6% of healthcare respondents said they were told not to report a security incident that should have been reported and did not report the breach. In the United States, 78.7% of respondents said they are worried that their company will face legal action due to the incorrect handling of a security breach.

Bitdefender also asked IT professionals about the biggest threats that they now face. In the United States, the biggest perceived threats were software vulnerabilities/zero days (80%), supply chain attacks (73.3%), phishing/social engineering (58.7%), insider threats (50.7%), and ransomware (45.3%), with the human factor the biggest concern for business leaders. The biggest security challenges faced by U.S. organizations were extending security capabilities across multiple environments (49.3%), complexity (49.3%), incompatibility with other security solutions (32.1%), and reporting capabilities (40%).


Respondents were also asked about the biggest security myths that they would love to see busted. The biggest bugbear was the myth that the organization is not a target for cybercriminals (42.7%), closely followed by the myths that using non-corporate-approved apps is not a big deal (40%), that security is the sole responsibility of the IT department (36%), and that emails delivered to inboxes are always safe to click/open (36%).

Given the increase in cyberattacks on U.S. organizations, it is reassuring that 78.7% of respondents said they are planning to increase their security budgets. 49.3% of respondents said they were planning to cut back on new cybersecurity tech purchases and 38.7% said they were cutting back on new cybersecurity hires, as organizations look to security vendors to provide assistance. 95% of respondents said they are planning on increasing the number of security vendors, and 90% said they are looking for holistic, all-in-one security solutions to ease the burden and avoid compatibility issues.

The survey for the report was conducted by Censuswide on 400 IT professionals from junior IT managers to CISOs, in organizations with 1000+ employees in the USA, UK, Germany, France, Italy, and Spain.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
