Skip to main content
close search
site logo

Companies grapple with post-breach disclosure risks

The concerns leading organizations to withhold information are aplenty, including reputational damage and financial impacts.

Published Feb. 21, 2023
Matt Kapko's headshot
Senior Reporter
A man looks at lines of code depicted on a computer screen
A man sits at a desk facing a screen with lines of code. sestovic via Getty Images

First published on

Cybersecurity Dive

Post-breach disclosures remain a rarity, despite constant warnings from cyber authorities that they can only help organizations if incidents are brought to their attention.

While half of organizations suffered a data breach in 2022, nearly three-quarters of those breached chose not to disclose the information, according to a report released Thursday by Arctic Wolf.

“Some organizations unfortunately still believe there is a stigma around data breach disclosure and fear that being breached means that they are not actively protecting their environments,” Christopher Fielder, field CTO at Arctic Wolf, said via email.

The rate and scale of cyber incidents shows any organization can be subject to a breach and “this shouldn’t be seen as a total sign of organizational weakness,” Fielder said.

The concerns leading organizations to withhold information are aplenty, the cybersecurity firm said. Reputational damage, career impact, potential follow-up breaches, insurance premium hikes and a lack of legal obligations were the top excuses listed by IT professionals in a survey.

”Every organization is going to come up with their reason to justify why they didn’t disclose, but at the end of the day that causes more harm than good,” Fielder said. “Businesses shouldn’t have to suffer in siloed silence anymore.”

Ransomware, unsurprisingly, remains organizations’ top cybersecurity concern in 2023. More than 2 in 5 organizations represented in the survey said they were hit by a ransomware attack last year.

The vast majority of organizations hit by ransomware attacks are also choosing not to follow the advice of authorities with respect to ransom payments.

Nearly three-quarters of companies impacted by ransomware attacks last year paid some part of the ransom either directly or through their insurance provider, the report found.

Variances in how those ransom payments were doled out suggests companies align their actions with the circumstances surrounding attacks.

Among organizations that paid a ransom last year, 2 in 5 paid the ransom in full, 1 in 5 paid a portion of the ransom, and 1 in 10 allowed an insurance provider or third party to pay a portion of the ransom on their behalf.

The report was based on a survey of 701 IT professionals at the director level or above across 13 countries.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Breaches and Bots: Law Firms Face a Trust Crisis with Clients, New Integris Survey Reveals
From Integris
November 18, 2024
ContractCrab Launches AI Contract Review for In-House Legal Teams
From ContractCrab
November 14, 2024
Trellis Launches Trellis AI to Revolutionize Trial Court Litigation
From Trellis
November 19, 2024
Editors' picks
Latest in Data Privacy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell