Survey: 20 percent of repsondents worked for a company that hid a breach
AlienVault surveyed 1,107 attendees of the RSA Conference 2015 in San Francisco and found that roughly 20 percent have worked at a company that suffered a breach and hid it.
Asked what course of action is best following a breach, nine percent of respondents said to just keep quiet if nobody knows, and 66.8 percent said to use the event to convince the board to give the needed security budget.
Regarding who should take the fall following a major breach, 38.8 percent of respondents said the CISO, 26.4 percent said the CIO, 23.9 percent said the CEO, and another 23.9 percent said the VP of IT.
In other findings, 61.7 percent of respondents who found a vulnerability would privately disclose it to the company, while 12 percent would publicly fully disclose and 9.8 percent would publicly disclose without releasing details.