Why Are Organizations Failing to Report Cybercrime? (Infosecurity Magazine)


If your business was hit by a cyber-attack, would you report it to your CEO or Board of Directors? Would you report it to law enforcement? According to the Office of National Statistics, there were an estimated two million cybercrimes in the 12 months running up to March 2016.

However, recent research from SentinelOne – revealing 48% of 500 organizations worldwide had suffered a ransomware attack in the past 12 months – found that only 54% of respondents had reported the incident(s) to law enforcement. Imagine what the cybercrime figures would look like if the remaining 46% had reported their attacks.

The question is, why aren’t all organizations reporting cybercrime? What is the impact of this in terms of how we can tackle these threats?

A fear of coming forward

According to the survey results, only 61% of organizations globally reported a ransomware attack to the CEO or Board. It may be that IT teams are embarrassed to report the attack for fear of how it could reflect on their ability to prevent it in the first place, and are concerned for their jobs as a result. Consequently, IT teams want to rectify the problem without having to inform the C-suite.