Many IT decision-makers guilty of keeping cyberattacks secret

(Image credit: Kingston)

Many business leaders are failing to disclose if their business has been affected by a cyberattack or data breach, a new report has found.

Research by password manager firm Keeper Security found that more than a third (36%) senior IT leaders kept a cyberattack to themselves, mostly due to the “weight of responsibility”.

Even though the General Data Protection Regulation (GDPR) demands businesses to disclose, as quickly as possible, when they suffer a data breach or cyberattack, many business leaders still decide to sit on this information.

Most organizations are aware of the problem, but many aren’t doing much to address it. Some have even relaxed their cybersecurity policies to allow their employees to work remotely, signaling that for many - security has taken a back seat during the lockdown.

More than nine in ten (92%) of businesses in the UK suffered a cyberattack in the last 12 months, the report found. As a result, over three-quarters (78%) don’t feel prepared to deal with such a threat, while a third (31%) expect Chief Technology Officers (CTO) to carry this burden alone. CTOs, on the other hand, often make the problem worse, as 32% admitted to using weak credentials. They often use words such as “password” or “admin” for passwords.

Major risk for SMBs

It is then perhaps unsurprising that Keeper Security found how 58% of IT professionals feel employees at their organizations do not understand the full consequences of poor cyber-hygiene.

Even though the UK effectively abandoned the EU after Brexit, GDPR still plays a major role. Organizations that manage data from EU-based citizens still need to be compliant, and the UK’s own data protection policies are synchronized with those of the EU, as well.

SMBs that fail to protect their sensitive data could be forced to pay a fine, and would be looking at a ruined brand reputation and brand loyalty. Multiple studies have shown that customers would gladly abandon the company that gets breached and often worry about how the data they share with companies is being used. All these things can have a major negative effect on the bottom line. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.