50 percent of organisations did not disclose data breaches to customers

According to a new CyberArk survey, half of organisations (50 percent) did not fully inform customers when their personal data was compromised in a cyber attack. With enforcement of the General Data Protection Regulation (GDPR) anticipated for May 2018, organisations that do not take action to improve transparency associated with breaches will face substantial consequences.

  • 7 years ago Posted in
The findings are included in the second installment of the CyberArk Global Advanced Threat Landscape Report 2018.  This report, “The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects,” reviews business leaders’ views of IT security and misalignment with IT security leaders that can put organisations, and their customers, at risk.

Additional key findings include:
  • Security concern does not translate into accountability 
    • 46 percent of security respondents say their organisation can’t stop every attempt to break into their internal network
    • 63 percent of business respondents are concerned that their organisation is susceptible to attacks, like phishing, targeting the executive team
    • Despite this high level of concern, 49 percent of business respondents report not having sufficient knowledge about security policies, and 52 percent do not understand their specific role in response to a cyber attack
    • Worryingly, 33 percent of security professionals surveyed also claimed not to have adequate knowledge of – presumably their own – security policies
 
  • Gaps in security best practices persist
    • 42 percent of line of business respondents say they store passwords in a document on a company PC or laptop
    • 21 percent of line of business respondents still record credentials in paper notebooks or store them in filing cabinets
    • 31 percent of security professionals surveyed still do not use a privileged account security solution to store and manage privileged and/or administrative passwords
  • Trust in security is at the core of commercial relationships
    • Similarly, 44 percent of business respondents say potential partners assess their organisation’s security before doing business with them
    • 51 percent of organisations provide third-party vendors remote access to their networks and, of this group, 23 percent fail to monitor remote vendor activity
                                                    
“Unfortunately, it’s not uncommon for organisations to want to hide the extent of damage caused by cyber attacks. As we’ve seen in data breaches at Yahoo!, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought,” said David Higgins, Director of Customer Development, EMEA at CyberArk. “This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance. What’s also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders – despite strong awareness of risks and continued headline-generating cyber attacks.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...