Major security breaches exposing the personal data of thousands of constituents grab headlines and impact public perception of the affected agency. But why expose your organization to the public shaming that comes with an admission that your network has been hacked?
According to a report on Mashable, many companies avoid any public declarations about getting hacked since the origins of such attacks can be difficult to trace. Besides the moral obligation to come clean to the public and provide guidance to those affected as to how to protect themselves, public-sector agencies talk about breaches because they have to.
"Hospitals, insurance companies and health agencies must disclose breaches of patient information," the article reads. Major public-sector breaches in 2012, like on South Carolina's Department of Revenue and Utah's Department of Health, resulted in large-scale communication and remediation efforts, led by state officials.
A recent attack perpetrated on The New York Times was described by the newspaper in a front-page story. The Times assigned blame to the Chinese military.
Some companies may never even realize they were victimized, while other organizations convinced that an attack originated in a certain part of the world may decide not to reveal it, so as not to jeopardize their business interests in the region.
Experts agree that going public with details about getting hacked is a positive step, and doesn't carry the same stigma it once did.
"Given the amount of stories about high-profile hits in recent and not-so-recent times, people have gotten more used to this type of news," said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab. "Slowly people have come to realize that this happens to everyone. I definitely think the negative impact is not as severe as it once was."