Data breaches under-reported: Figures may be worse than they appear

by Charles Leaver

December 5, 2013


The statistics pertaining to data breaches may be worse than they appear, as many organizations do not report data leakage when it occurs.

A new industry survey showed that about six in 10 malware analysts have investigated data loss that was never reported by their company, according to Infosecurity. The most recent numbers show that in 2012, there were 621 confirmed instances of data breaches. However, with 57 percent of security analysts having investigated unreported data leakage cases, this number could be far worse.

The reasons behind these incorrect statistics vary and include wanting to hide a breach from customers, partners or other stakeholders, according to Baseline Magazine. Seventy-nine percent of survey respondents cited this reason for not disclosing a data breach, as many don't want to damage the reputation of their organization. Furthermore, 57 percent of telecommunications organizations and 56 percent of health care survey participants admitted having a "don't tell" policy in place for dealing with cyberattacks.

Although these businesses may want to deal with data leakage internally and on their own terms, by not reporting the incident, they are putting their customers and the industry at risk. If clients are not aware that their sensitive information has been compromised, they will not take the appropriate steps to safeguard the data and mitigate damage caused by the breach. Furthermore, many organizations base their vulnerability and risk levels on reported data breaches. For this reason, not disclosing this information results in other businesses being misinformed.

Baseline Magazine stated that some of the top contributors to data breaches include phishing emails that lead users to malicious links, inappropriate websites and malicious mobile applications. These risks illustrate the importance of strong endpoint security protection, which can help guard against them.

Organizations that have experienced a data breach should always report the incident and work to mitigate the damage. In such cases, businesses can turn to the intrusion forensic analysis services offered by Ziften to determine the cause of a data breach and the content it affected.