A recent global survey conducted by Keeper Security reveals concerning trends in the reporting of cyber-attacks and breaches, both within and outside organizations. The study, published in September 2023, found that despite the heightened awareness of cyber threats, 40% of IT and security leaders had experienced cyber-attacks, and 74% expressed concerns about future cybersecurity disasters.
However, the report highlighted significant shortcomings in reporting practices, with 41% of incidents going unreported to internal leadership and nearly half (48%) not being disclosed to appropriate authorities.
When questioned about their reasons for failing to report cyber incidents internally, 48% of IT and security leaders cited doubts that leadership would care about such incidents (25%) or respond effectively to them (23%). Additionally, reluctance to report to authorities was mainly driven by fear of repercussions (43%), short-term concerns about harm to the organization’s reputation (36%), a perception that reporting was unnecessary (36%), and forgetfulness (32%). The study underscores the crucial need for business leaders to establish a culture of transparency, honesty, and trust in cybersecurity, emphasizing that it’s a shared responsibility.
Furthermore, the survey highlighted the legal requirements in many countries, including the UK, EU, and US, for organizations to report cybersecurity incidents to government authorities. The UK Information Commissioner’s Office (ICO) emphasized in a May 2023 social media campaign that reporting cyber incidents does not necessarily lead to public disclosure but enables organizations to access support from the UK National Cyber Security Centre and the ICO.
Ultimately, the survey’s findings emphasize the urgency of addressing reporting gaps to ensure better cybersecurity practices and protect organizations from the growing threat of cybercrime.