Survey finds that 98% of EU companies would not report a security breach

A survey has found that just two per cent of companies in the European Union [EU] would publicly admit to having a security breach.

Research firm AlienVault surveyed 300 information security professionals across the continent and found that most companies would rather keep quiet when a breach occurs, something they believe is more than understandable.

"On the one hand, publicising a breach would help other businesses avoid falling prey to attacks. On the other, damage to your brand and reputation could be significant," said Barmak Meftah, president and CEO of AlienVault.

To the same question 38 per cent said they would be willing to inform the relevant authorities, 31 per cent would let their employees know and 11 per cent would share the information gleaned with the security community.

Reluctance to admit a security breach also has a lot to do with revised European Commission rules that will, in future, levy fines that are two per cent of global annual turnover on any company that suffers a breach. Meftah admitted this could be “potentially disastrous” for some businesses.

Sharing information with competitors to fight breaches is popular with 50 per cent saying they would do so in the wake of a hack – 35 per cent anonymously and the remaining 15 per cent happy to be named.

"Sharing information about the source and nature of attacks allows the security community to act fast, and quickly isolate malicious or compromised hosts," said Meftah.

When an attack first strikes, 52 per cent of respondents would research the impact with 31 per cent trying to find a patch to rectify it. Five per cent would do nothing at all and a further one per cent is happy to wait and see what the impact ends up being.

In terms of trying to work out the appropriate security for a company, there was a mixed bag of answers with just as many people using informal channels like blogs and forums as those going through “more formal channels”.

14 per cent use informal communications channels like blogs, six per cent utilise underground forums and 13 per cent ask the advice of their peers when trying to gauge the correct level of security.

On the other side of the coin 13 per cent use news sites, 10 per cent use partners or resellers and 14 per cent go through education or training channels. 6 per cent used advertising and marketing and 16 per cent used their own research after a problem had been discovered.

Register for IP EXPO 2013 now

If you register with ITProPortal.com, you'll receive:

- Fast-track access to the seminar programme

- Entry into a prize draw for an exclusive gourmet dining experience at IP EXPO ONE Place Dining.

- PLUS: As a loyal reader of ITProPortal, you'll also be able to kick back in the exclusive ITProPortal lounge, enjoying complimentary beverages and the chance to chat to our expert team of technology writers.

Image Credit: Flickr (European Parliament)