Introduction
If your confidential data was exposed in a breach, wouldn’t you want to know immediately? Most people would! So here’s a rather startling statistic…
71% of IT professionals have been told by their superiors NOT to report a data breach.
Even worse: 3 in 10 did as they were told, and kept the cyber incident a secret.
That’s not just immoral…it’s illegal!
Why We Have Incident Reporting Laws
When a data breach happens, the company or individual who was managing that information is beholden to laws detailing what, how fast and to whom they must disclose news of the cyber incident. For example, financial institutions have to notify the Federal Trade Commission within thirty days. It’s not just the regulatory agency that you have to inform, though; you typically have to disclose the breach to anyone affected, too, depending on what information was stolen.
Reporting is one of many important regulations that make us all more cyber-secure. Think about it: If your bank accounts, or health records, or mailing information got leaked, wouldn’t you want to know?
If you’ve ever experienced a cyberattack that led to the exposure of any private information, you probably know how important it is to report the breach…and we don’t just mean to your direct managers or the police (although, depending on your organization’s incident response plan and your role in it, you might have to do that too). It’s important to let anyone whose data was affected know about the incident.
Promptly notifying affected individuals allows them to take proactive measures to safeguard their compromised information, like changing all of their passwords or employing Dark Web Monitoring software, like ours, that delves deep into the dark marketplace to instantly detect your compromised information.
How can we keep our accounts and data private if we don’t know when a breach has occurred? If you don’t know YOUR reporting requirements, now is the time to found out!
What Happens if Businesses Don’t Report
It’s not just about preferences, though…data privacy is a right in many countries across the globe. More and more, people and legislation are all pushing for better data privacy protections.
There are 162 data privacy laws in place around the world! Some are focused only on your locale, while others apply to the whole nation. We even have international regulations updated to consider how much digital communication goes on now. Depending on where you work and what you do, different laws apply to you regarding how quickly, to what extent and to whom breaches must be disclosed. That could mean the regulating organization in charge of the law, the government and affected parties as well.
Transparency is also key to maintaining your upstanding reputation. Who wants to be known as someone that hides massive privacy breaches from the ones who are most deeply affected? Organizations that openly acknowledge and address data breaches demonstrate transparency and accountability to their customers, partners, and stakeholders. This transparency helps maintain public trust and confidence in your commitment to data security and privacy.
Conclusion
Ultimately, reporting matters after a breach because it mitigates damage from the breach and teaches us where to improve to prevent the problem from exacerbating. When alarm bells are rung, authorities and experts can work together to identify the source of the breach and take action to improve security measures for the future.
So it really does come down to the age-old good advice: If you see something, say something!
References
