Two-thirds of industrial companies hush up cyber incidents
According to the results of the latest survey, two-thirds (67%) of industrial enterprises worldwide do not inform regulatory authorities about cyber incidents in their networks.
Compliance with various norms and requirements is mandatory for modern industrial companies and even serves as one of the main drivers of investment in information security. However, enterprises often do not comply with all the rules. For example, when industrial companies hide a cyber incident, they are most worried about the fines that the regulator may impose, and about the damage that publishing information about such events could do to their reputation.
In the survey, respondents admitted that more than half of cyber incidents (52%) lead to a violation of regulatory requirements, and 63% of respondents said that they are very concerned about the potential loss of customer confidence due to cyber incidents. With the exception of informing regulators about cyber incidents, industrial companies are generally very serious about compliance with standards and requirements.
According to the survey, only 21% of enterprises worldwide believe that they do not adequately comply with the mandatory requirements of regulatory authorities. In addition, for 55% of companies, the need to comply with rules and regulations is the main driver of investment in information security. However, by focusing only on formal requirements, enterprises often fail to take current threats into account: only 28% of companies set their cybersecurity budget based on the current threat landscape.