Half of organisations don't 'fully' inform customers when their personal data is potentially compromised in a cyber attack
That's according to IT security firm CyberArk in its latest report, 'The Business View of Security: Examining the Alignment Gap and Dangerous Disconnects'.
The report comes as organisations have less than six months to prepare for the reporting regime that will come into force under the European Union's General Data Protection Regulation.
Almost half (46 per cent) of business leaders defended their record by saying that they 'can't stop every attempt' to break in, according to CyberArk.
"Unfortunately, it's not uncommon for organisations to want to hide the extent of damage caused by cyber attacks.
"As we've seen in data breaches at Yahoo, Uber and more, these organisations are either intentionally hiding initial details, or the attacks were more extensive than first thought," said David Higgins, director of customer development, EMEA at CyberArk.
Concerns about cyber security are high, with almost two-thirds of respondents saying that their organisation is vulnerable to attacks like phishing. Many vulnerabilities were found, in spite of this level of concern.
For example, more than four in 10 line of business respondents store passwords in a document on a company PC or laptop; and two in 10 do so in hardcopy like a paper notebook.
52 per cent of respondents said that they do not 'understand their specific role' in response to an attack. One-third of security professionals surveyed claimed not to have an accurate knowledge of security policies, and a similar figure told CyberArk that they do not use a privileged account security solution to store and manage privileged and/or administrative passwords.
Customer trust is vital in securing a long-term future for any business; but just as important is the trust of your peers. 44 per cent of business leaders said that potential partners assess their organisation's security before committing to doing business with them.
However, more than half of firms provide third-party vendors remote access to their networks, but almost a quarter do not monitor their activity.
Higgins added: "This sort of behaviour will have massive consequences in the coming year with enforcement of GDPR fines for lack of compliance.
"What's also surprising about this survey is the persistence of rampant poor security best practices and lack of consistency across line of business and IT security leaders - despite strong awareness of risks and continued headline-generating cyber attacks."