New Research Exposes Cybersecurity Reporting Gaps: 48% of Incidents Go Unreported

In a cybersecurity landscape fraught with threats and vulnerabilities, a recent survey by Keeper Security, a provider of cloud-based zero-trust and zero-knowledge cybersecurity software, has shed light on a concerning trend: despite a notable 40% of organizations experiencing cybersecurity incidents, nearly half of them (48%) have refrained from disclosing these breaches to the appropriate authorities. This revelation underscores the critical need for enhanced reporting mechanisms and a shift in organizational cybersecurity culture.

The Cybersecurity Disasters Survey: Incident Reporting & Disclosure

Keeper Security's "Cybersecurity Disasters Survey: Incident Reporting & Disclosure" drew insights from 400 IT and security leaders in North America and Europe. The survey, conducted by an independent research firm in 2023, aimed to gauge the response of organizations to cyber disasters—defined as events significantly impacting the confidentiality, integrity, or availability of an information system.

Key Findings: Concerns and Omissions

The survey uncovered several significant findings:

• Concerns Abound: An overwhelming 74% of respondents expressed apprehension about a cybersecurity disaster affecting their organization.
• Incident Prevalence: Alarmingly, 40% of respondents confirmed that their organizations had encountered some form of cyber disaster.
• Lapses in Reporting: Despite these concerns and incidents, reporting breaches, whether internally or externally, remains problematic:
• External Reporting: Shockingly, nearly half of the respondents (48%) were aware of cybersecurity attacks within their organizations that went unreported to the appropriate external authorities.
• Internal Reporting: Equally concerning, 41% of cyberattacks were concealed from internal leadership.
• Feelings of Guilt: Of those who admitted to not reporting an attack or breach to their leadership, a staggering 75% expressed feelings of guilt for their inaction.

Understanding the Reporting Gap

Multiple factors contribute to the pervasive underreporting of security breaches:

• Fear of Repercussion: Fear of potential repercussions loomed large, with 43% citing it as a significant barrier to reporting.
• Misunderstanding: A substantial portion (36%) believed that reporting incidents was unnecessary, often due to a lack of understanding.
• Forgetfulness: Forgetfulness played a role, with 32% acknowledging that they simply forgot to report the incident.

The reluctance to report breaches stems primarily from concerns about short-term damage to the organization's reputation (43%) and the potential for financial impacts (40%). This apprehension underscores the urgent need for organizations to create a supportive environment for reporting.

Respondents highlighted the importance of senior leadership's involvement in cybersecurity efforts:

• Lack of Confidence: A combined 48% of respondents did not believe that leadership would care about a cyberattack (25%) or respond effectively (23%).
• Reporting Infrastructure: Shockingly, 22% reported that their organizations had "no system in place" to report breaches to leadership.

The Way Forward: Embracing Cyber Resilience

As the digital threat landscape continues to evolve, organizations must prioritize cybersecurity resilience. This includes not only investing in robust security measures but also fostering a culture of open reporting and learning from incidents.

The Keeper Security survey underscores that the battle against cyber threats extends beyond technology; it hinges on trust, transparency, and the commitment of leadership to protect their organizations from the ever-present dangers of the digital realm.