Despite disclosure laws, cybercrime may be widely underreported
A new report by ISACA indicates that it is very common for organizations not to report cybercrime. Greg Touhill of ISACA is highly concerned that “underreporting cybercrime – even when disclosure is legally mandated – appears to be the norm.” About half of the survey respondents think that underreporting cybercrime is common practice at most companies.
The study identifies the three main threat actors as cybercriminals, hackers and non-malicious insiders. The top cyber threats are phishing, malware and social engineering. The study also found that IT security leaders tend to have more confidence in the ability of their security teams to combat cyber threats when those teams work directly under the CISO than when they report to a CIO.