20% of security professionals say their company has hidden or covered up a breach

There are many reasons that an organization would want to cover up a data breach, including avoiding heavy fines, reputational damage and loss of customers.

It’s therefore unsurprising that 20% of respondents to a recent AlienVault survey have witnessed a company hide a breach.

The survey – ‘Ethics, Security and Getting the Job Done’ – was conducted by AlienVault at this year’s RSA conference in San Francisco and surveyed over 1000 people.

Other key findings from the survey:

  • Over half of security professionals utilize hacker forums or associate with black hats to keep abreast of the latest threats and technologies.
  • Most believe the CISO (chief information security officer) should be ultimately accountable for breaches.
  • Security breaches are used as leverage to increase security budgets.

Javvad Malik, AlienVault security advocate and author of the report, said in a brief about his findings:

“Many companies are realizing that being breached or suffering an incident is the part of the cost of business – however, when the inevitable does occur, the security teams still find themselves under considerable pressure which can contribute to breaches being hidden or vulnerabilities ignored.

“It provides a glimpse into the struggles of professionals working in a very young industry that has been thrust into the forefront of business, politics and media.”

Javvad is right. The last couple of years have seen the number of data breaches explode, and we’ve seen many organizations stuck in the thick of it with little preparation. It’s very rare that a data breach occurs and the media covers it by saying, “They were breached, but they handled it really well”. That’s because very few know how to handle a breach, which may prove to be the reason that 20% chose not to handle it.

