The survey of 400 IT and security professionals published by Bitdefender found that 42 percent of respondents had been told to keep a breach confidential even when they knew it should be reported. In addition, 30 percent said they had themselves actively avoided disclosing a breach, despite having specific processes in place for doing so.
The research comes at a time when studies show that cyber threats have reached an all-time high.
US security professionals keep breaches secret more often
The study found that US-based security professionals were the most likely to keep a breach under wraps when they knew it should have been made public: 71 percent of US respondents had failed to warn senior management or customers of a breach.
European staff, on the other hand, were more forthcoming. Respondents based in the UK, France, Germany, Spain and Italy were the least likely to withhold a breach notification.
Failing to report data breaches exposes organizations on both sides of the Atlantic to significant legal risk. In both the European Union and the United States, companies are required by law to disclose an incident in which customer data has been exposed.
For example, under the GDPR, EU-based organisations must notify the competent supervisory authority of a personal data breach "without undue delay" and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned. Where the risk to those individuals is high, the affected data subjects must be informed as well.
In January, the US Federal Communications Commission (FCC) signalled a possible revision of its breach notification rules that would give telecom carriers less time to report data security breaches.