If It’s Not A Breach, Don’t Report It

Cybersecurity consultants Darin Bielby and Jeremy Batterman of Navigant discuss a common scenario that occurs after they are called in by a company under duress because it fears a reportable cyber breach has occurred: They discover evidence there wasn’t one. That’s happening now, they say, about 50 percent of the time they get called into to do a forensic investigation, and that’s significantly more often than last year. It’s likely the reason for the uptick has to do with a particular type of intrusion that in recent months has been on the upswing but does not result in data being “exfiltrated.” Companies need to keep in mind that when it comes to reporting a possible breach, it’s not “better safe than sorry,” because reporting increases the potential for brand damage, privacy class actions and other costs.