What is the premise of this article?
Unlike Hollywood, where any unauthorised access is heralded by big flashing signs and screaming sirens, the reality is that it can be difficult for a company to identify when and if a breach has occurred, particularly if the miscreants just silently login and copy data.
If you cast your eye over a typical businesses firewall logs, you can see attempts to gain access or to probe for weaknesses every hour of every day, but being able to identify a successful attack from all the background noise is difficult.
Even with the very best IPS / IDS, WAF and other security tools, if someone uses stolen credentials to access a legitimate account, there is no easy way to distinguish that access from a legitimate user. It is usually only after stolen data has been released that the target business knows there has been a breach, and can then check back in the logs to see when and how it was done, and then report it.
If a malicious actor gets in using valid credentials, and extracts data, but doesn't broadcast that fact, then the victim may never know it ever happened.
It is therefore hardly surprising that businesses are slow to report a breach. They will want to make damn sure that there has been one, before reporting it.