Why You Must Report A Cyber Attack

Cyber incidents can have dire consequences. The theft of private, financial, or other sensitive data and cyber attacks that damage computer systems can cause lasting harm to anyone engaged in personal or commercial online transactions. Such risks are increasingly faced by businesses, consumers, and every other Internet user. 

Once you’ve suffered a cyber attack, much of the damage has already been done. There’s no way to make the disruption disappear or to circumvent your data breach notification requirements.  Ignoring the attack or your regulatory obligations will only make things worse.

Under the General Data Protection Regulations (GDPR) EU organisations are required to notify their relevant supervisory authority within 72 hours of discovering certain types of data breach. Specifically, you must notify your supervisory authority if the incident “poses a risk to the rights and freedoms of natural living persons”.Additionally, you must notify affected individuals if the incident results in a “high risk”.

Before you contact anyone, you must identify whether the data breach meets that threshold. That might seem like even more work, but it can have significant short, and long-term benefits. For example, reporting an incident allows individuals to look out for suspicious activity, such as money disappearing from their bank accounts, and enables them to take steps to protect themselves.

Notification also helps other organisations prepare for similar attacks. Criminals often reuse successful techniques, whether it’s a particular scam method or a network vulnerability, and officially announcing this threat gives organisations time to address the issue. If all organisations do this, you will benefit massively in the long run.

This issue connects to a far bigger problem - that no one is truly aware of just how big the threat of cyber crime is. The number of reported incidents has surged in the past few years, but experts suspect there are still a vast number of unreported breaches.

If there was more transparency, organisations would realise how important it is to address cyber security. It would also make criminals’ jobs harder. As it is, cyber crime is practically a no-risk venture: whether you succeed or fail, you fly under the radar and almost certainly won’t face any consequences. Organisations might counter these points by noting that very few cyber criminals are identified even when cyber crime is reported.

A survey by the National Crime Agency found that only 38% of respondents are confident that law enforcement responds appropriately to cyber attacks.

This problem is made worse by the low level of conviction and the light punishment that convicted cyber criminals receive. Cyber security journalist Brian Krebs reports on the prosecution of cyber criminals and, commenting on one case, “Courts around the world continue to send a clear message that young men essentially can do whatever they like when it comes to DDoS attacks and that there will be no serious consequences as a result. ...if we don’t have the stomach to put these “talented young hackers” in jail when they’re ultimately found guilty, perhaps we should consider harnessing their skills in less draconian but still meaningfully punitive ways.. such as requiring them to serve several years participating in programs designed to keep other kids from follow.”

Breached organisations aren’t the only ones that need reconsider the value of identifying and responding to cyber attacks. It requires a coordinated effort from everybody involved to appreciate the magnitude of the problem and how to reduce it. Cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. It costs the UK billions of pounds, causes untold damage, and threatens national security. 

Organisations’ responses should include a detailed breach notification procedure, but it’s just as important to fortify defences and mitigate the threat of attacks.

DHS:     NCA:    NCSC:      IT Governance:      IT Governance:     Digital Social Care:   

University of Michigan:     Brian Krebs:

You Might Also Read: 

US Cyber Security Chiefs Support Mandatory Incident Reporting:

 

« NCSC Cyber Security Breaches Survey 2022
Data Protection Must Be a Part of Every Cyber Security Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

Khipu Networks

Khipu Networks

Khipu Networks is an award winning Cyber Security Company delivering a wide range of network, wireless and security solutions, technologies and services across multiple sectors.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Jit

Jit

Jit empowers developers to own security for the product they are building from day zero.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.