Back to Newsroom

04 April 2023

Shockingly, Over 42% of IT and Security Professionals Surveyed Were Told to Keep a Breach Confidential When it Should be Reported

BUCHAREST, Romania and SANTA CLARA, Calif. – Bitdefender, a leading global cybersecurity company today released the 2023 Cybersecurity Assessment Report, based on an independent survey and analysis of IT and security managers revealing top security concerns, practices, and key challenges businesses are facing across their environments.

“Worldwide, organizations are under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and an ongoing skills shortage,” said Andrei Florescu, deputy general manager and senior vice president of products at Bitdefender Business Solutions Group. “The results of this survey demonstrate, more than ever, the importance of layered security that delivers advanced threat prevention, detection and response across the entire business while improving efficiencies that allow security teams to do more with less.”

The report is based on an independent survey and analysis of over 400 IT and security professionals ranging from manager to chief information security officer (CISO) who work in companies with 1,000 or more employees in geographical regions including France, Germany, Italy, Spain, United Kingdom (U.K.) and the United States (U.S.).

Key findings from the 2023 Cybersecurity Assessment Report include:

·        Cybersecurity professionals often told to keep breaches confidential -- Alarmingly, more than two in five (42%) of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential. At 71%, IT/security professionals in the U.S. were the most likely to say they have been told to keep quiet, followed by the U.K. at 44%, Italy at 36.7%, Germany 35.3%, Spain 34.8% and France 26.8%.

·        More than half of businesses surveyed suffered a breach in the last 12 months -- At the same time a large percentage are told to keep breaches confidential, 52% of global respondents said they have experienced a data breach or data leak in the last 12 months. The U.S. led at 75% (or 23% higher than average) followed by the U.K. at 51.4% and Germany at 48.5% rounding out the top three. Given the prevalence of data breaches and the overwhelming pressure to keep them quiet, IT/security professionals face a grim situation. Over half (55%) of respondents agree they are worried about their company facing legal action due to a breach being handled incorrectly.  

·        Software vulnerabilities are the top threat concern -- When asked about the security threats that pose the greatest concern, respondents indicated they are most concerned about software vulnerabilities and/or zero-days threats (53%), closely followed by phishing/social engineering threats (52%) and attacks targeting the supply chain coming in at third (49%). Software vulnerabilities as the top concern correlates with Bitdefender Labs research which has shown a marked increase in 2023 of cybercriminals exploiting known software vulnerabilities using proof of concept (PoC) attacks.

·        Extending cybersecurity capabilities across environments is the top challenge -- More than two in five (43%) of IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud, and hybrid) is the greatest challenge they face which tied with complexity of security solutions also at 43%. Not having the security skill set to drive full value came in as a strong second at 36%. Interestingly, Italy and France cited lack of security skill set as their biggest challenge at 49% and 45%.

·        Continuous cybersecurity coverage deemed crucial for businesses -- Almost all respondents globally (99%) stated that using a managed security provider, such as a managed detection and response (MDR) service, is a critical element of their security programs with almost all (99%) of respondents stating they are either currently using or considering using a managed security provider. The top reason respondents gave include the ability to have 24x7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). Ninety-three percent of respondents identified proactive threat hunting as important.

In a recent report 1, Gartner® details the importance of threat and threat exposure management stating, “Organizations need to look beyond vulnerability patching to manage a wider set of their security exposures, including significant increase in their attack surface due to new hybrid work, accelerating use of cloud infrastructure and applications, more tightly interconnected supply chains, expansion of public-facing digital assets, and expanding Internet of Things (IoT) exposures.”


Data Sources

Bitdefender commissioned Censuswide, a leading international market research consultancy firm, to survey and analyze responses from 400+ IT and security professionals who work in companies with 1,000 or more employees across various industries. The survey and analysis took place from December 2022 through January 2023. The respondents were geographically split equally between France, Germany, Italy, Spain, United Kingdom and the United States.

To download a complimentary copy of the full Bitdefender 2023 Cybersecurity Assessment Report, visit here.

[1] Gartner, Predicts 2023: Enterprises Must Expand From Threat to Exposure Management Response, December 2022.

Gartner® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.