Half of all data breaches go unreported, companies admit

DataIQ News

There are many elements of GDPR which will be a major wake-up call for businesses, but, if the results of a new study by CyberArk are to be believed, the issue of data breach notification - or lack of it - remains the most pressing.

According to the second installment of the CyberArk Global Advanced Threat Landscape Report 2018, over the past 12 months alone half of organisations did not fully inform customers when their personal data was compromised in a cyber attack.

However, it also shows that security concerns do not translate into accountability, with some 46% of security respondents admitting that their organisation can not stop every attempt to break into their internal network.

Meanwhile, over three-fifths (63%) of business respondents are concerned that their organisation is susceptible to attacks, like phishing, targeting the executive team.

But despite this high level of concern, nearly half (49%) of business respondents report not having sufficient knowledge about security policies, and 52% do not understand their specific role in response to a cyber attack.

Worryingly, a third (33%) of security professionals surveyed also claimed not to have adequate knowledge of – presumably their own – security policies.

CyberArk director of customer development for the EMEA region David Higgins points out that it is not uncommon for organisations to want to hide the extent of damage caused by cyber attacks.

He added: "As we've seen in data breaches at Yahoo!, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought.

"This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance. What's also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders – despite strong awareness of risks and continued headline-generating cyber attacks."