CyberArk Survey: 46 Percent of Organizations Did Not Disclose Data Breaches to Customers
According to a new CyberArk survey, almost half of organizations (46 percent) did not fully inform customers when their personal data was compromised in a cyber attack.
The findings are included in the second installment of the CyberArk Global Advanced Threat Landscape Report 2018. This report, “The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects,” reviews business leaders’ views of IT security and misalignment with IT security leaders that can put organizations, and their customers, at risk.
No organisation is safe from increasingly complex cybersecurity attacks
Thirty-six (36) percent of Singapore respondents believe that their organisation can’t stop every attempt to break into their internal network.
· More than half (53 percent) say that their organisation is susceptible to carefully crafted attacks – such as a phishing attempt targeting a company executive.
· More than one third (36 percent) of Singapore respondents believe attackers cannot be prevented from breaking into their internal network.
· Fifty-nine (59) percent of respondents – including security professionals and business leaders – also believe that hackers have the potential to know more about the organisational security processes than non-IT personnel.
“The reality of doing business in 2017 – with 53 per cent of Singaporean respondents believing that their organisation is susceptible to carefully crafted attacks – is that breaches that result in data loss stand a very good chance of being exposed, so transparency becomes an important consideration,” said Jeffrey Kok, Technical Director, Asia Pacific Japan at CyberArk. “With notification legislation making transparency a legal consideration as well as an ethical one, telling customers of any data compromise as soon as the full facts are available must be considered in a financial and reputational light.”
Security builds trust – but trust can be betrayed
The consequences of compromise are not lost on those individuals and companies that form part of an organisational ecosystem.
58 percent of Singapore respondents say potential partners assess their security programs before doing business with them. Almost as many respondents (53 percent) say potential customers also consider security in advance.
· However, 46 percent of respondents in Singapore admit that their organisations did not fully inform customers when their personal data was compromised in a cyberattack.
The implications of this are significant, including potential loss of future customers and severe regulatory penalties. With the new proposed legislation from the Personal Data Protection Commission (PDPC), organisations need to adhere to mandatory reporting of data breaches. When surveyed, 83 percent of Singapore respondents agree that their organisation must adhere to these security compliance requirements to improve their overall security posture.
“In the light of new proposed legislation from the PDPC and Cyber Security Bill, the latest set of findings from CyberArk’s Advanced Threat Landscape 2018 report – specifically that nearly half (46%) of Singapore respondents reporting that their organisations have not always been fully transparent with customers when their personal data was compromised in a cyber-attack – reveal that companies must overhaul their approach to avoid potential loss of future customers and regulatory penalties,” continued Kok.
Just earlier this year, PDPC took action against ION Orchard property manager, Orchard Turn Developments, over a breach involving the personal data of its customers, requiring the company to pay a fine of $15,000.
Many still don’t understand cybersecurity
· Twenty-nine (29) percent of Singapore respondents admit that they do not have adequate knowledge of their organisation’s security policies, and they do not understand what they should do if a cybersecurity incident occurs.
· As many as eighty-nine (89) percent believe that security should be discussed at the board level more frequently, with the company’s executive leadership taking a more proactive role in cybersecurity awareness.
Kok concluded, “The entire commercial ecosystem, from customers to partners and suppliers, expects a high standard of security practices with entities they do business with. The expectation is that organizations will secure their sensitive data. Those that fail to do so risk loss of customers, business partners and – ultimately – revenue.”
The 11th Annual CyberArk Global Advanced Threat Landscape Report 2018 will be released in three parts. The first installment was a “Focus on DevOps.” These findings are from part two, focusing on business leaders’ view of IT security. The survey was conducted by Vanson Bourne in fall 2017 amongst more than 1,300 IT security decision-makers, DevOps and app developer professionals and line of business owners, across seven countries worldwide.