What are some potential consequences of publicizing a security incident?

676 views, 3 comments

Vice President for Information Technology in Education, 1,001 - 5,000 employees
Companies are trying to pay ransoms to hackers covertly, but their payments are recorded in blockchain or in Bitcoin, which is viewable. All the other bad actors are looking at who's paying these ransoms, and they're just going after those companies again and again.
VP, Information Technology in Consumer Goods, 10,001+ employees
When we had a security incident, the interesting thing for us was that we went public on day one and said, "We're in trouble, we're working through it." The quality of phishing emails we received after that went way up. They used to be things that anyone can spot as a fake, and suddenly they were close enough that people had to call their bosses to verify if their superior had actually sent them a message. The phishing messages were perfect down to the pixel, because we’d painted the biggest target on our back.
Director of IT in Education, 5,001 - 10,000 employees
I would say it depends on the severity of the breach, i.e., if the breach doesn’t affect privacy or customer data and gets resolved quickly, then there is no need to publicize. However, if the breach significantly affects PII or other sensitive data, then you have no choice but to inform the affected data owners.

Publicizing the breach will have a negative effect on the company’s reputation and will potentially announce/expose weaknesses in the company’s security posture to the public.

This is a balancing act, and every organization should develop a plan to handle this type of situation.
