No.  It’s definitely not because they use disk encryption solutions like AlertBoot.  The companies that were surveyed by consultancy firm Logica did not report the breaches because they didn’t want to.  Yeah, you read that right.  They didn’t want to, so they kept it unreported.  Secret.  Sub rosa.

Let’s face it, a data breach of customer information—especially sensitive information like names, addresses, credit card numbers, Social Security numbers, or any combination thereof—is not something that one wants to announce to the world.  Companies ought to, since it allows their patrons to be on the look out for things like identity theft, but the end result is generally lost business, lawsuits, bad publicity, and other assorted recriminations to the company that made the announcement.  I mean, who needs or wants to announce a breach?

So, approximately sixty percent of companies surveyed never took the time to alert their customers about a data breach.  Half of them didn’t inform the police or the authorities!  Other things of note:

• Of 300 surveyed IT directors, CTOs and IT security managers, 1 in 10 admit being victims of a data security breach.  (That sounds way too low.  My guess is that about 5 in 10 are either bending the truth or have no idea what’s going on in their companies)
• Of those who admit a data breach, 40% alerted their customers.  Only half alerted the authorities.
• Of those surveyed, only 30% educate their staff about IT security procedures
• Of those surveyed, less 33% have a security incident response team
• Of those surveyed, half of the companies have no idea how a data breach will impact their businesses
• Of those surveyed, half think that security is an IT department issue.

I think that last piece of intelligence is quite revealing.  In a survey of IT executives, half think that data security is an IT department issue?  No wonder there’s a report of an information security breach every other day: there’s no way a handful of people in the IT department can ensure the security of an entire company.  Yes, there are tools like laptop encryption in case things are stolen or lost; firewalls to deter amateur and would-be hackers; port control software to stem the copying of sensitive data; and other products out there to ensure prevent data breaches.

But, the biggest weapon in ensuring data security is still having your employees practice good data security.  Yeah, it’s not a “guaranteed” secure like a 128-bit asymmetric encryption key that’s been verified as impregnable by the cryptographic community.  But, if your employee sticks a Post-It pad with his username and password to the computer…well, all that encryption goodness is for naught, no?

Related Articles:

http://management.silicon.com/itdirector/0,39024673,39293831,00.htm?r=6

http://www.itpro.co.uk/606483/companies-hiding-data-breaches

http://sip-trunking.tmcnet.com/topics/security/articles/40938-logical-study-companies-failing-disclose-security-breaches-clients.htm