Every other business fails to fully inform customers if their data was compromised in a cybersecurity incident. This is according to The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects report, published by CyberArk.
Based on a survey of business leaders, the report says this practice will need to change significantly before GDPR kicks in, or businesses will face a world of issues.
Aside from the fact that businesses don’t disclose everything properly, the report also says that businesses are concerned about security, but that concern does not translate into accountability.
Almost half (46 per cent) of those surveyed said their company can’t stop every breach attempt, while 63 per cent worry their organisation is susceptible to attacks like phishing. Half (49 per cent) said that they don’t know enough about security policies, nor do they understand what their role is supposed to be during an incident like this.
A third said they don’t have adequate knowledge of security policies, which, going by CyberArk’s wording, presumably means their own.
“Unfortunately, it’s not uncommon for organisations to want to hide the extent of damage caused by cyber attacks. As we’ve seen in data breaches at Yahoo!, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought,” said David Higgins, Director of Customer Development, EMEA at CyberArk.
“This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance. What’s also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders – despite strong awareness of risks and continued headline-generating cyber attacks.”