A new study finds that nearly half of security practitioners are being told to ‘keep data breaches under wraps’.
A new study published this week shows almost half of cyber security professionals are pressured to keep data breaches secret, according to ITPro.
The survey of 400 IT and security professionals, published by Bitdefender, found that 42% of the respondents had been told to keep a breach confidential – even when they knew it should be reported. In addition, 30% said they themselves actively avoided disclosing a breach, despite specific processes being in place to do so.
The report comes at a time when cyber threats are reported to have reached an all-time high.
US security pros more likely to keep breaches secret
The study found that US-based security practitioners were the most likely to have kept a breach “under wraps” when they knew it should have been disclosed. In all, 71% of US-based respondents reported failing to alert senior management or customers about a breach.
By contrast, EU-based staff seemed more honest. Indeed, those based in the UK, France, Germany, Spain, and Italy were among the least likely to suppress a report about a breach.
Failure to disclose data breaches can pose a significant risk to organisations on both sides of the Atlantic. Laws in both the European Union and the United States currently require businesses to disclose an incident if customer data is exposed.
For example, EU-based organisations are required to notify a supervisory authority “without undue delay” and within 72 hours “at the latest after having become aware of the breach”.
In addition, all 50 US states have security breach notification laws that require businesses to “notify affected customers or employees” if a data breach occurs, according to ITPro.
In January, the US Federal Communications Commission (FCC) hinted at a potential overhaul of legislation that would shorten the amount of time telecoms firms have to report data breaches.