Cyberattacks: in many companies, a regime of silence

In one in four companies, IT and security managers are asked not to report computer incidents. A study by Bitdefender.

Posted on 12 April 2023 by Redazione

Cyberattacks aren't always discovered by the businesses that fall victim to them, or months may pass after the breach before the IT department realizes what happened. Other times IT and security managers are aware of the facts, but are forced to keep quiet. The study "Cybersecurity Assessment 2023", conducted by Censuswide for Bitdefender (over 400 IT and security professionals, from managers to chief information security officers, from Italian, French, German, Spanish, British and US companies with at least a thousand employees), reveals that 42% of IT and security professionals received instructions or orders to keep quiet and not to make any reports. 30% complied with this instruction or order.

The data varies significantly by geography. In the United States, the percentage of respondents asked to keep silent reaches 71%, while at the opposite end, in France, it is limited to 26.8%. In Italy the figure is 36.7%.

Cyberattacks, on the other hand, are certainly not a rarity. In the sample of 1000 companies surveyed, 52% suffered at least one breach or data leak during 2022, and once again the US figure is much higher than the average (75%). Over half of the respondents, 55%, said they feared that their company might face legal action due to the improper handling of these incidents (for example, for failure to comply with the notification obligation in case of a data breach affecting customers). Caught between the continuous growth of attacks, regulatory obligations and the uncomfortable demands of business leaders, cybersecurity professionals are not in a simple position.

"Companies around the world are under enormous pressure to cope with evolving threats such as ransomware, zero-day vulnerabilities and industrial espionage," said Andrei Florescu, deputy general manager and senior vice president of products of the Business Solutions division of Bitdefender. "At the same time they face the difficulties of extending cybersecurity in all environments in a context of continuous shortage of specialized figures".

Software vulnerabilities and/or the risk of a zero-day exploit are the most worrying threat, reported by 53% of respondents, followed closely by phishing or social engineering scams (52%) and supply chain attacks (49%). When asked about the biggest challenge currently faced, 43% of the professionals surveyed named the difficulty of extensively protecting different types of IT environment (on-premise, cloud, and hybrid) and a similar percentage cited the complexity of cybersecurity solutions. The lack of skills among security personnel is the third biggest challenge, cited by 36% of total respondents, but in Italy and France it is in first place (49% and 45%, respectively).

"The results of this investigation," continued Florescu, "demonstrate more than ever the importance of multi-layered security that delivers advanced threat prevention, detection and response across the enterprise, while improving the efficiency that allows security teams to do more with fewer resources". 99% of respondents agree that relying on managed security providers is a critical aspect of their strategy; moreover, 99% already support or have considered the idea of relying on a managed security service provider to have continuous "24/7" coverage and to avoid tying up internal resources in monitoring and responding to threats.

Tags: security, professions ict, cybersecurity, bitdefender, ciso
