Commentary

Sensitive Security: U.S. IT Pros Told To Cover Up Data Breaches

The United States is the world’s biggest security sieve, judging by Bitdefender’s 2023 Security Assessment.

Of the IT professionals surveyed, 74.7% in the U.S. say their firm has suffered  a data breach or leak within the past 12 months. But the average is 51.7% among all countries in the study. 

Worse, 70.7% of IT personnel in the U.S. have been instructed to keep a breach confidential when it should have been reported, versus 42% worldwide -- while 54.7% of IT staffers in the U.S. have kept a breach under wraps, versus 29.9% worldwide. 

Overall, 72.2% agree they have seen an increase in the sophistication of phishing attacks. That rises to 84% in the U.S.  

Why are U.S. firms so vulnerable, and more likely to cover things up? There may be one simple reason: GDPR.  

The other countries represented in this study are the UK, Germany, France, Spain, Italy and Germany: Except for the UK, all are directly under GDPR.

They know they face penalties for not reporting breaches. 

Yet U.S. companies are way more worried about consequences: 78.7% of the respondents worry about legal action stemming a security breach being handled incorrectly, compared to 54.3% in the other nations.  

What types of security threats are they worried about? Among U.S. firms:

  • Software vulnerabilities/zero-days — 80% 
  • Supply chain attacks — 73.3% 
  • Phishing/social engineering — 58.7%
  • Insider threats — 36.5% 
  • Ransomware — 45.3%

In contrast, the global worry averages are:

  • Software vulnerabilities/zero days — 53.9%
  • Phishing/social engineering — 52.2%
  • Supply-chain attacks — 49% 
  • Ransomware — 48.5%
  • Insider threats — 36.5%
  • Espionage — 34.1% 
  • Privilege escalation — 24.1% 

Meanwhile, U.S. IT personnel would like to destroy these myths within their organizations: 

  1. Our organization is not a target for cybercriminals — 42.7%
  2. Using non-corporate approval apps is not a big deal — 40%
  3. Security is solely the responsibility of the IT team — 36%
  4. An email that comes into the corporate system is always safe to open/click on — 36% 

Censuswide, a third-party research firm, surveyed 400 IT professionals working in organizations with 1000+ employees. They range in title from IT junior managers to CISOs. 

Next story loading loading..