IT and security pros pressured to keep quiet about data breaches

Organizations globally are under tremendous pressure to address evolving threats like ransomware, zero-day vulnerabilities, and espionage, and they face challenges in extending security coverage across multiple environments and dealing with an ongoing skills shortage, according to Bitdefender.

“The results of this survey demonstrate, more than ever, the importance of layered security that delivers advanced threat prevention, detection and response across the entire business while improving efficiencies that allow security teams to do more with less,” said Andrei Florescu, deputy GM and SVP of products at Bitdefender Business Solutions Group.

Cybersecurity professionals often told to keep breaches confidential

Alarmingly, more than 42% of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential.

At 71%, IT/security professions in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%, Italy at 36.7%, Germany 35.3%, Spain 34.8% and France 26.8%.

52% of businesses surveyed suffered a breach in the last 12 months

At the same time a large percentage are told to keep breaches confidential, 52% of global respondents said they have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4% and Germany at 48.5% rounding out the top three.

Given the prevalence of data breaches and the overwhelming pressure to keep them quiet, IT/security professionals face a grim situation. 55% of respondents agree they are worried about their company facing legal action due to a breach being handled incorrectly.

Software vulnerabilities are the top threat concern

When asked about the security threats that pose the greatest concern, respondents indicated they are most concerned about software vulnerabilities and/or zero-days threats (53%), closely followed by phishing/social engineering threats (52%) and attacks targeting the supply chain coming in at third (49%).

Software vulnerabilities as the top concern correlates with Bitdefender Labs research which has shown a marked increase in 2023 of cybercriminals exploiting known software vulnerabilities using proof of concept (PoC) attacks.

Extending cybersecurity capabilities across environments is the top challenge

43% of IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud, and hybrid) is the greatest challenge they face which tied with complexity of security solutions also at 43%.

Not having the security skill set to drive full value came in as a strong second at 36%. Interestingly, Italy and France cited lack of security skill set as their biggest challenge at 49% and 45%.

Continuous cybersecurity coverage deemed crucial for businesses

99% of all respondents globally stated that using a managed security provider, such as a managed detection and response (MDR) service, is a critical element of their security programs with 99% of respondents stating they are either currently using or considering using a managed security provider.

The top reason respondents gave include the ability to have 24×7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). 93% percent of respondents identified proactive threat hunting as important.