• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

The reasons cyber attacks are underreported and what you can do about it

August 13, 2015 by Secure360 and UMSA

cyber attacks are underreported in the news

Copyright: 123rf/zstoimenov

What’s the first company that comes to your mind when you think of a cyber attack mentioned in the media? As information security experts, our industry tends to hear about and become aware of cyber attacks more often than others, but despite how regularly we hear of these attacks being reported in the news, most IT professionals believe that the true number of cyber attacks are significantly underreported.

A survey found that 87% of IT professionals think that large financial hacks are happening more often than reported without security auditors’ knowledge. In addition, 51% of IT professionals believe that their corporate networks are being targeted continuously by hackers.

Cyber attacks are causing so much damage to American companies that they threaten U.S. competitiveness around the world. Despite those numbers, however, you will not find much evidence of that dramatic damage in reports filed with the Securities and Exchange Commission.

Why are cyber attacks underreported?

U.S. officials state that cyber attacks are happening, but companies are hesitant to reveal damages to their organization for fear of scaring off potential or existing customers, damaging stock value or facing legal liabilities. Some companies do not know that their networks are being compromised. Other companies are less likely to go public about data breaches because of the negative impacts on an organization’s reputation and share price. Even though withholding information is the trend, keeping security incidents a secret is not the right thing to do, particularly if customer data is involved.

Why should cyber attacks be disclosed?

Many believe that until we create an environment where companies can open up about cyber attacks on their networks without being attacked by the media and industry, companies will continue to withhold this information. Companies should be encouraged to share cyber security breaches in order to increase public awareness of the threats that exist to U.S. security. In addition, being honest when communicating a security breach with the affected parties will reassure customers that you are doing everything possible to fix the situation and rebuild a trust with them.

How can a cyber attack be reported?

In 2011, the SEC released tips for companies to better understand how and when to disclose cyber security attacks. Since then they have been encouraged to take additional steps. While the decision of how and when to approach regulators and authorities remains a bit of a judgment call, there are a few tips for approaching the situation:

1. Start the conversation early.

Consider your plan of action and how to communicate and deal with regulators before a breach even happens.

2. Dictate your story.

In the event that a breach does hit, notifying regulators at the earliest stage and being transparent allows regulators to investigate and understand.

3. Do not speculate facts.

While it is smart to notify regulators early, offering misleading information or jumping to conclusions on the facts. All information provided should be accurate and reliable.

4. Know that every breach is unique.

Every data breach has its own set of facts and circumstances, and should be handled accordingly. Use judgment when determining how and when regulatory or law enforcement intervention is necessary.

Cybersecurity experts would like to see more companies disclosing the facts and details behind cyber attacks on their organizations. When other companies are comfortable opening up about attacks, others can see how real the problem of data breaches is and learn strategies to overcome attacks. While short-term, disclosing data breaches may impact on a brand’s reputation, it will help the industry in the long run.

Filed Under: Cybersecurity

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: As much as many of us enjoy it, there are risks to working from home, specifically as we rely more and more on the… https://t.co/S2nuIyWgjk
    about 3 days ago

  2. Secure360 Conference
    Secure360 Conference: The time to register is NOW, because today is the final day to score early bird rates. #Sec360 is the professional… https://t.co/rsIAkxmmCV
    about 4 days ago

  3. Secure360 Conference
    Secure360 Conference: We can never thank our wonderful #Sec360 sponsors enough! Silver Sponsors @AxoniusInc @BlackBerry @Fortinet and… https://t.co/pnYxfkR135
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.