Ellen Messmer reports:
One in 7 information technology companies have not reported data breaches or losses to outside government agencies, authorities or stockholders.
In addition, only 3 out of 10 said they report all data breaches and losses suffered related to intellectual property, while 1 in 10 organizations will only report data breaches and losses that they are legally obliged to report, and no more. Six in 10 said they currently “pick and choose” the breaches and losses of sensitive data they decide to report, “depending on how they feel about them.”
Those were some of the key findings from a McAfee and Science Applications International Corp. (SAIC) survey that queried 1,000 technology managers in the U.S., United Kingdom, Japan, China, India, Brazil and the Middle East on questions about intellectual property and security.
Read more on Network World.
Figure 3 of the report is interesting, as it shows that for U.S. respondents, 60% say that they report all breaches unless they’re small or insignificant, while 40% say that they report all breaches. In a way, that’s better than what I expected to see, although there aren’t details on how many people were approached for the survey and what percent responded, etc. The contrast between the U.S. responses and the U.K. responses is readily apparent: over a third of UK respondents note that they do not report breaches unless legally obligated to do so or they feel obligated to do so. Japan reported the greatest notification/disclosure rate, exceeding the U.S. for reporting all breaches, regardless of size.
Related: McAfee and SAIC’s press release on the study.
Related: Download the study, “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” at McAfee.