Bitdefender recently released its 2023 Cybersecurity Assessment. We delved into the report to find the key takeaways for US companies about the state of cybersecurity in 2023. Here’s what we found:
The Main Cybersecurity Concerns Reported by US Companies
The report noted the following concerns as the highest ranking for US companies:
- Security vulnerabilities;
- Supply-chain attacks; and
Some high-profile hacks in these categories include:
- The 2021 Microsoft hack, which exploited zero-day vulnerabilities in the Microsoft Exchange system, and the 2022 Twitter hack, which allowed hackers to link email and phone numbers to user accounts.
- The 2021 SolarWinds supply-chain attack, which impacted around 18,000 customers, including the US departments of state, health, and treasury.
- The recent SharePoint phishing scam, which has targeted about 1600 individuals, including some in the US and across Europe.
Most Important Myths to Dispel
The report also dug into commonly believed cybersecurity myths and ranked them based on how damaging they are. It found that the following myths caused the most concern for US employers:
- “Our organization is not a target for cybercriminals”;
- “Using non-corporate approved apps is not a big deal”;
- “Security is solely the responsibility of the IT team”; and
- “An email that comes into the corporate system is always safe to open”.
Employers could leverage this list of myths to generate email and education campaigns for their workers, or to form the basis for future privacy and cybersecurity training programs.
A Culture of Cover-ups in the US
The report also revealed that employees in US companies are more likely to be told to cover up a breach than employees anywhere else in the world.
In the US, 70.7% of respondents noted that they had been told to keep a breach confidential knowing that they should report it, while 54.7% of respondents reported having kept a breach confidential knowing that it should be reported.
In Germany and Spain, just 35% of respondents had been told to keep a breach confidential. In fact, at 44.3%, the UK was the ‘next closest’ to the US in terms of respondents reporting they had been told to keep a reportable breach confidential. This shows how pervasive the practice is in the US – and how out of touch it is with the rest of the world.
It’s unsurprising that US respondents were also significantly more likely to report feeling concerned about liability from a poorly handled data breach. A staggering 78.8% of US respondents reported feeling this concern.
The antidote to this is creating a robust data breach plan, including systems recovery and communications, in advance of a breach. If you’re prepared for the eventuality, then it’s less likely you’ll feel the need to attempt to cover it up (which comes with a risk of increased future liability as well as reputational harm).
For assistance in developing your data breach plan, reach out. Our privacy attorneys would love to help.