In a new Bitdefender survey of 400 IT/security professionals worldwide, 42% have been told to keep a breach confidential when they knew it should be reported, the cybersecurity solutions provider said.
Some 30% said they have complied with the order to keep a breach confidential, legal issues notwithstanding.
The MSSP Imperative
Had a managed security service provider (MSSP) been engaged, the security pros might not be urged to keep a cyber incident under their hats. Along those lines, nearly all of the respondents in the study said that using an MSSP or managed detection and response (MDR) service is a critical element of their security programs.
As Andrei Florescu, deputy general manager and senior vice president of products at Bitdefender Business Solutions Group, explained:
“Worldwide, organizations are under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and an ongoing skills shortage. The results of this survey demonstrate, more than ever, the importance of layered security that delivers advanced threat prevention, detection and response across the entire business while improving efficiencies that allow security teams to do more with less.”
A Closer Look at the Report
Key findings from Bitdefender's 2023 Cybersecurity Assessment Report include:
- Almost all (99%) of respondents stating they are either currently using or considering using a managed security provider. The top reasons respondents gave for engaging and MSSP include the ability to have 24/7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). Ninety-three percent of respondents identified proactive threat hunting as important.
- 42% of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential. At 71%, IT/security professionals in the U.S. were the most likely to say they have been told to keep quiet, followed by the U.K. at 44%, Italy at 36.7%, Germany at 35.3%, Spain at 34.8% and France at 26.8%.
- 52% of global respondents said they have experienced a data breach or data leak in the last 12 months. The U.S. led at 75% (or 23% higher than average) followed by the U.K. at 51.4% and Germany at 48.5%, rounding out the top three. Given the prevalence of data breaches and the overwhelming pressure to keep them quiet, IT/security professionals face a grim situation. Over half (55%) of respondents agree they are worried about their company facing legal action due to a breach being handled incorrectly.
- The survey respondents are most concerned about software vulnerabilities and/or zero-days threats (53%), closely followed by phishing/social engineering threats (52%) and attacks targeting the supply chain coming in at third (49%).
- More than two in five (43%) of IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud, and hybrid) is the greatest challenge they face which tied with complexity of security solutions also at 43%. Not having the security skill set to drive full value came in as a strong second at 36%. Interestingly, Italy and France cited lack of security skill set as their biggest challenge at 49% and 45%.