Bitdefenders 2023 Cybersecurity Assessment report, based on a survey of over 400 IT and security professionals in the U.S., France, Germany, Italy, Spain, and the U.K., revealed that 70% of U.S.-based respondents said they were told to keep a data breach confidential, while almost 55% "said they had kept a breach confidential when they knew it should have been reported," compared with 44% to 54% of those from other countries, TechTarget reports.
"We can only speculate why they are being told to keep quiet -- but most likely it is due to fear of potential monetary backlash either through fines or needed resources (time and money) to alert stakeholders such as customers," said Bitdefender Technical Solutions Director Martin Zugec. When asked about the impact of the new laws requiring companies to report a breach in the U.S. and the European Union, 78% of U.S.-based respondents and 55% of overall respondents reported being worried that their companies may face legal action due to a breach mismanagement.
The report also found zero-day exploits and software vulnerabilities as the top threat concerns, followed by phishing campaigns, supply chain attacks, and ransomware. "The current trend of weaponizing known vulnerability exploits is another step in [threat actors'] evolution, and detailed as a new effective strategy for cybercriminals," said Zugec.
