There’s an interesting commentary by Evan Schuman on Computerworld today.
Nobody likes to be embarrassed. That goes for company executives. This fact of human nature helps explain why the breach-disclosure laws that have been adopted by many states can be leveraged by data thieves for even more profit than they could realize before.
Evan notes that if your firm decides not to disclose a breach that should have been disclosed, you give the bad guys a new opening:
When a company’s executives decide to hide a breach, their action can morph from unsavory to illegal. But that decision can leave them vulnerable to the attackers behind the breach in the first place, who know that the company has not done what the law requires and can now threaten it with disclosure.
That is also a two-stage threat. An attacker breaking into your network and then bragging ab out it is embarrassing. But if the attacker breaks in and waits to see if you report it—and if you run out the clock and opt to not report it, the attacker’s disclosure could expose you and your colleagues to civil penalties. In short, it makes a bad situation far worse.
Read more on Computerworld.