40% of IT security pros say they've been told not to report a data leak

More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure. That's according to Bitdefender's 2023 Cybersecurity Assessment report, which was published this month. According to responses from large companies in the …

  1. b0llchit Silver badge
    Facepalm

    Failed to prepare

    ...a cybersecurity industry stretched to the breaking point.

    You know both your design and security failed when you need this much "cybersecurity industry". You know your systems should have been designed more stringent. You know that preparation costs boatloads of money and you did not (want to) get that approved. And now you complain about "cybersecurity"?

    You get what you pay for. It was true in the past, is true today and will be true in the future.

  2. Cereberus

    Now I know why fast food is no longer fast

    Now the biz, which runs or franchises at least 55,000 eateries employing 36,000 people worldwide.....

    So does that mean there are just under 2/3 of a person working at each location?

    Or does it mean that the company has 36,000 people employed, then the franchises have their own which aren't included in the 36,000?

    If the former, I assume the chickens run the stores and when they die they go to the big secret herb and spice jar before they are broken up and sent to the fiery hells of the oil pit (fryer) where they shall be delivered of their evil by having their flesh 'boiled' before that sinful flesh is consumed so their spirits can move to the big free range farm in the sky.

    1. Korev Silver badge
      Coat

      Re: Now I know why fast food is no longer fast

      So you're saying they run on a wing and a prayer?

  3. Pascal Monett Silver badge

    "respondents said they [..] obeyed those orders"

    Well what do you expect ?

    If they didn't, they wouldn't be able to respond because they WOULD HAVE BEEN FIRED.

    And it's not like a security breach has got anyone fired yet, so why risk it ?

    1. An_Old_Dog Silver badge
      Unhappy

      Why Risk It?

      My boss asked me to use my computer access to view the medical records of a co-worker (whom he also supervised). In addition to being mal-ethical, it was a firing offense. I pointed out the latter to him (though not the former).

      I can't help but wonder if that refusal had something to do with my being let go when the department was downsized. I've no proof that's what happened, but ...

    2. werdsmith Silver badge

      Re: "respondents said they [..] obeyed those orders"

      Why risk it?

      So fire me. I'll go and work for the rivals. Why be worried about being fired? Don't be beholden to an employer.

      1. John Brown (no body) Silver badge

        Re: "respondents said they [..] obeyed those orders"

        If it's the US, they might well have a legally binding non-compete clause.

        1. Michael Wojcik Silver badge

          Re: "respondents said they [..] obeyed those orders"

          Non-compete clauses are at the very bottom of my list of things I'd worry about if I were looking for a new job. Far more pressing are in-office mandates (no one has an office near where I live), the tiresome processes of shopping my resumé around and interviewing, the reluctance of employers to hire people with experience, compensation for losing retention benefits, changes to medical insurance (because of course US medical-insurance policies are not at all fungible), having to vet prospective employers for their business practices and ethics and product quality, the risk of being forced to use tools I dislike, paperwork hassles, the hit to my credit rating for changing employers... Hell, I haven't even entertained unsolicited offers in decades. No one's come to me with a high-enough offer to make the cost and risk worthwhile.

          There are a lot of factors which penalize changing jobs. Non-compete clauses don't even show up on my radar. Has anyone who's not a really prominent figure ever actually been sued over one of those?

  4. Mike 137 Silver badge

    Failure to report

    Interestingly, the UK govt is proposing to eliminate the statutory independence of the Data Protection Officer in favour of a ‘senior responsible individual’ with no specific requirements for either independence or expertise in the legislation. If this is adopted, I guess the incidence of failure to report will approach 100% and everyone will be happy as the problem will seem to have disappeared.

    1. b0llchit Silver badge
      Joke

      Re: Failure to report

      It has disappeared! There are no reports to support the contrary. Therefore, problem solved. Once and for all, problem solved I say.

      You hear? Problem solved! period. full stop. dot.

    2. Anonymous Coward

      Re: Failure to report

      > proposing to eliminate the statutory independence of the Data Protection Officer in favour of a ‘senior responsible individual’ with no specific requirements for either independence or expertise in the legislation.

      I've seen no evidence of ICO actually caring about lack of independence or expertise of DPOs.

      I raised, as part of a complaint, with ICO what I saw as a conflict of interest of my GP Practice's Practice Manager also being the DPO as, amongst other things, in his DPO role he would be unlikely to refuse health service central organisation demands for data sharing as (in his Practice Manager role) he would realise that any refusal might threaten his Practice's contract with the Health Service.

      For the same Practice Manager/DPO I also highlighted to ICO his obviously extremely limited knowledge of Data Protection law; he seemed unaware of most of his DPO duties/responsibilities, and when I was discussing with him issues that I'd raised it felt like I was training him about GDPR.

      The ICO case officer had no interest in either matter.

  5. EarthDog

    The bosses are always the problem

    Always. They cover up, hire monkeys to do window dressing, have no policies, fail to enforce policies, cut corners, etc.

    1. Michael Wojcik Silver badge

      Re: The bosses are always the problem

      Oh, I've known plenty of non-managers who were problems.

  6. Anonymous Coward

    Now I'm worried...

    ... that 60% of IT security pros are liars...

  7. Insert sadsack pun here

    Bitdefender says: "Surprisingly, many impacted organizations say they have been told to keep the data leak confidential despite their obligation to report it. Over 40% of security professionals surveyed said they had been told to keep a breach under wraps..."

    Yeah but hold on - there's not a legal obligation everywhere to report every data breach externally. Only some data breaches must be reported as a matter of statutory law to e.g. a data privacy regulator, or as a matter of contract to e.g. clients or vendors. If there's no obligation to report and the breach was immaterial - I don't see why maintaining confidentiality is a bad thing.

    1. John Brown (no body) Silver badge

      The answer is in the part you quoted "keep the data leak confidential despite their obligation to report it."

      That kinda says the survey was asking about breaches where there is a requirement to report it.

      And the stats for the US just re-affirm why it's not a good idea to let your data ever go anywhere near a US server if you can possibly avoid them.
