Commentary

Sensitive Security: U.S. IT Pros Told To Cover Up Data Breaches

The United States is the world’s biggest security sieve, judging by Bitdefender’s 2023 Security Assessment.

Of the IT professionals surveyed, 74.7% in the U.S. say their firm has suffered a data breach or leak within the past 12 months. But the average is 51.7% among all countries in the study.

Worse, 70.7% of IT personnel in the U.S. have been instructed to keep a breach confidential when it should have been reported, versus 42% worldwide -- while 54.7% of IT staffers in the U.S. have kept a breach under wraps, versus 29.9% worldwide. 

Overall, 72.2% agree they have seen an increase in the sophistication of phishing attacks. That rises to 84% in the U.S.  

Why are U.S. firms so vulnerable, and more likely to cover things up? There may be one simple reason: GDPR.  

The other countries represented in this study are the UK, Germany, France, Spain, Italy and Germany: Except for the UK, all are directly under GDPR.

They know they face penalties for not reporting breaches. 

Yet U.S. companies are way more worried about consequences: 78.7% of the respondents worry about legal action stemming from a security breach being handled incorrectly, compared to 54.3% in the other nations.

What types of security threats are they worried about? Among U.S. firms:

  • Software vulnerabilities/zero-days — 80% 
  • Supply chain attacks — 73.3% 
  • Phishing/social engineering — 58.7%
  • Insider threats — 36.5% 
  • Ransomware — 45.3%

In contrast, the global worry averages are:

  • Software vulnerabilities/zero days — 53.9%
  • Phishing/social engineering — 52.2%
  • Supply-chain attacks — 49% 
  • Ransomware — 48.5%
  • Insider threats — 36.5%
  • Espionage — 34.1% 
  • Privilege escalation — 24.1% 

Meanwhile, U.S. IT personnel would like to destroy these myths within their organizations: 

  1. Our organization is not a target for cybercriminals — 42.7%
  2. Using non-corporate-approved apps is not a big deal — 40%
  3. Security is solely the responsibility of the IT team — 36%
  4. An email that comes into the corporate system is always safe to open/click on — 36% 

Censuswide, a third-party research firm, surveyed 400 IT professionals working in organizations with 1000+ employees. They range in title from IT junior managers to CISOs. 
