Nearly a quarter (24%) of senior IT decision makers within UK small businesses have admitted to suspecting their company has covered up at least one successful cyber attack against their business in the last year.
With small businesses facing an average of five attacks in the last 12 months, there are a number of IT bosses who think successful attempts to steal customer, commercial and other sensitive information have been kept secret – maybe in efforts to avoid negative publicity.
The results from a new independent report: “Under Attack: Assessing the struggle of UK SMBs against cyber criminals”, commissioned by online encryption specialists Appstractor Corporation, highlights an environment of secrecy and lack of trust within some businesses when it comes to cyber security.
Within larger SMBs (employing between 50-99 people) this level of suspicion is even higher with more than half (51%) suspecting at least one cover-up.
Several high profile security cover ups have already been revealed in the last few years, perhaps most notably when it was revealed that Uber had concealed a massive hack involving the data of 57m users and drivers.
In that case it was revealed the firm had actually paid hackers $100,000 to delete data and keep the breach quiet.
The Institute of Directors has previously warned that businesses were actively covering up being the victim of a cyber attack while also failing to take their cyber security seriously – a view supported by these recent facts.
Paul Rosenthal, CEO and founder of Appstractor Corporation, said small businesses were playing a risky game if they were in fact trying to cover up security breaches, especially considering GDPR, which came into force earlier this year.
“The mere fact that small businesses are facing so many cyber attacks every year is concerning – some admitted to facing up to 10 attacks in the last 12 months – but the idea that so many IT bosses suspect successful attacks are being covered up within their company is far more worrying,” he said.
“It is understandable that businesses would want to avoid the negative publicity and potential loss of confidence from customers or business partners that comes with becoming a known cyber victim, but companies have a responsibility to customers to let them know when their information has been compromised.
“These businesses are taking an even bigger risk now if they are in fact trying to keep cyber breaches secret because the fines they will face under GDPR for trying to cover up an attack will dwarf any backlash they would get from making them public.”