Alarming Number of Organizations Cover Up Data Breaches, Study Reveals

A new study by cybersecurity vendor Bitdefender has revealed a concerning trend of organizations deliberately covering up data breaches, with nearly a third of respondents admitting to keeping breaches confidential instead of reporting them. The research, released by Bitdefender, surveyed over 400 IT and security professionals employed in companies with 1,000 or more employees. The findings showed that 42% of the surveyed professionals had been instructed to keep breaches confidential when they should have been reported. Even more shockingly, 29.9% of the respondents confessed to complying with such instructions and actually keeping data breaches under wraps.

The study highlights a troubling pattern of behavior among organizations that choose to ignore their legal and ethical obligations to report data breaches to regulators and affected customers. These companies are willing to risk the trust and security of their stakeholders in an attempt to avoid legal repercussions and financial penalties.

Screenshot from BitDefender 2023 Cybersecurity Assessment

The findings come at a time when cybercrime is increasingly difficult to prevent, with many security leaders exerting pressure on IT professionals to conceal breaches from public knowledge. The research’s release coincides with the aftermath of the high-profile case involving former Uber CSO Joseph Sullivan, who was convicted by the FTC for attempting to cover up a 2016 Uber data breach. The case underscores the seriousness of lying about data breaches and the potential legal consequences that can arise in many jurisdictions.

The study also identified the top five cyber threats that organizations are most concerned about, including software vulnerabilities and zero-days, phishing and social engineering, supply chain attacks, ransomware, and insider threats. It was reported that 52% of organizations had experienced a data breach within the past 12 months.

As the threat landscape evolves and becomes more demanding, organizations face tremendous pressure to contend with emerging threats such as ransomware, zero-day vulnerabilities, and espionage. Andrei Florescu, deputy general manager and senior vice president of products at Bitdefender’s business solutions group emphasized the importance of investing in threat prevention, detection, and response solutions to minimize the impact on organizations and reduce the likelihood of covering up breaches.

As data breaches continue to pose significant risks to businesses and individuals, the study’s findings underscore the urgent need for transparency, accountability, and proactive security measures in safeguarding sensitive information. The consequences of covering up data breaches can be far-reaching, with potential damage to reputations, legal action, and loss of customer trust.

*Information contained in this news article is based on a study published by Bitdefender “Bitdefender 2023 Cybersecurity Assessment”