The European Commission has recently introduced new data breach rules that force EU organizations to report incidents within 24 hours. However, a new study by AlienVault shows that only 2% of EU companies are willing to go public in case they suffer a security breach.According to the report, 11% of organizations are willing to share information with the security community. 31% would only tell their employees about it, while 38% say they would inform relevant authorities.
“On the one hand, publicising a breach would help other businesses avoid falling prey to attacks. On the other, damage to your brand and reputation could be significant,” noted Barmak Meftah, president & CEO of AlienVault.
So what would these companies do in case they were hit?
5% of them would do nothing at all. 52% would research the impact of the security breach, 31% would try to patch the vulnerability, while 1% say they’d wait to see the full extent.
When it comes to sharing attack information with competitors, 50% would do so. 35% are willing to share details anonymously, while 15% have no problem in being named.
“Sharing information about the source and nature of attacks allows the security community to act fast, and quickly isolate malicious or compromised hosts. In addition, it helps identify attack methods, tools and patterns, all of which help fuel research on new defense technologies,” Meftah added.
When asked about how they learn about the security they need, 16% say they do their own research. Others rely on blogs (14%), education / training (14%), news websites (13%), partners / resellers (10%), underground forums (6%), and advertising and marketing (6%).
“Security professionals are starting to share more and more. They are getting their information from different sources. AlienVault is aware that the only way to beat cyber criminals is to understand the security landscape as a whole and continue to facilitate this sharing among all security practitioners and the wider security community in general,” Meftah said.