67% of companies stay quiet on cyber-security incidents, here's why

Security researchers have discovered that as much as 67 per cent of companies do not report cybersecurity incidents to regulators. Although it is mandatory for companies to follow compliance rules, companies defy reporting guidelines, possibly to keep away from regulatory punishments and public disclosure that can hurt their reputation, according to Kaspersky’s State of Industrial Cybersecurity 2019 report. Industrial organisations have consistently been on the radar of cyber threats. Recently, cybersecurity researchers detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months this year. Companies are required to adhere to the General Data Protection Regulation (GDPR), the standards set by the International Electrotechnical Commission (IEC), etc.

Survey findings

-- 52 per cent of incidents lead to a violation of regulatory requirements.

-- 63 per cent of incidents consider the loss of customer confidence in the event of a breach as a major business concern.

-- 21 per cent industrial companies admitted that they do not currently comply with mandatory industry regulations.

--  Compliance was the top budget driver in cybersecurity investment strategies for 55 per cent of respondents.

-- 28 per cent industrial companies identified the threat landscape as a key budget driver.

"Industrial compliance and regulations should not be taken lightly. But it is also very important to keep in mind the real threat landscape that is changing dynamically," said Georgy Shebuldaev, Head of Kaspersky Industrial Cybersecurity Business Development.

"An efficient cybersecurity solution in combination with clear policy should help companies achieve the necessary level of protection in accordance with regulatory requirements," Shebuldaev added, "Such solutions should contain technology-oriented measures, vulnerability assessment and incident response measures, as well as security awareness initiatives for all employees who work with industrial automation systems."

In related news, the European Union (EU) police agency said cybercriminals focus more on data and profits and use new technology as they shift their focus to 'larger and more profitable' targets. Government agency Europol said in its annual report Internet Organized Crime Threat Assessment that since digital data is a key target. It also revealed ransomware remains the top threat.

READ | Xhelper malware infects 45,000 devices over the past 6 months

READ | Malware attacks on IoT-enabled devices are on the rise: Kaspersky