Data breach reporting is mandatory, and under some prevailing laws an incident that goes unreported for too long can lead to the arrest of the technology head of the victimized company. However, if practical statistics from the United States are taken into account, the picture is different and contrary to what exists on paper.
According to a survey conducted by Bitdefender, 42% of the respondents who participated were asked to keep the data theft a secret as soon as they learnt about the incident. Three in every ten surveyed respondents did keep the breach a secret, as per the 2023 Cybersecurity Assessment Report published by the security provider.
Timely notification of the victims about the breach is vital: a delayed notification, or one not made according to the proper procedure, can have serious consequences, deteriorate the situation, and make it more complex to resolve.
So, reporting about the breach and notifying the affected victims is crucial.
However, in most business firms this standard procedure is found to be missing, for several reasons.
First, the fear of the business image being tarnished may lead CTOs and CFOs to keep the incident a secret. Next is the fear of compensating the victims, which can run into millions if auditing statistics are taken into account.
In European countries, GDPR rules allow the data watchdogs to penalize the victim company, sometimes a burden that can only be recovered after months or years of lost profits.
So, is the decision to ask the technology heads to stay silent over a data breach a valid one?