Fear, ignorance and forgetfulness are some of the reasons for widespread shortcomings in reporting cyber-attacks and breaches, both internally and externally, according to a new global survey conducted by Keeper Security.
The study, Cybersecurity Disasters Survey Incident Reporting & Disclosure, was published on September 26, 2023.
It found that cyber-attacks are top of mind for IT and security leaders: 40% of them said they had experienced one and 74% admitted they were concerned about a future “cybersecurity disaster” impacting their organization.
The report also showed worrying shortcomings when reporting attacks, with 41% not reported to internal leadership and nearly half (48%) keeping incidents a secret from the appropriate authorities.
Why is Cybercrime Underreported?
When asked about the reasons for their lack of internal disclosure, a combined 48% of IT and security leaders said they did not think leadership would care about a cyber-attack (25%) or would respond to it anyway (23%).
The lack of reporting to authorities was largely based on the fear of repercussion (43%) and short-term concerns about harm to the organization’s brand (36%), followed by a feeling it was unnecessary (36%) and forgetfulness (32%).
“These responses underscore the importance of business leaders creating and upholding a culture of transparency, honesty and trust when it comes to cybersecurity. Cybersecurity is a shared responsibility and a fear of repercussion should never deter employees from reporting incidents that stand to cause serious harm,” reads the report.
Reporting incidents to government authorities is also a requirement in many countries, including the UK, the EU and the US.
In a May 2023 social media campaign to debunk cybersecurity myths, the UK Information Commissioner's Office (ICO) insisted that “Reporting a cyber incident [does not] make the incident more likely to go public [but] means you can access the wealth of support available from the UK National Cyber Security Centre and the ICO.”
The survey of 400 IT and security leaders was conducted throughout 2023 by Keeper Security and TrendCandy Research.