CISOs and cyber leaders may not see reporting a breach as the most pleasant of tasks, but experts say mandatory and voluntary sharing of intelligence around incidents can only improve the readiness and resilience of responders.



Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer of hard work and exposure to potential embarrassment when the details are out there for all to see.

But legislators have been pushing enterprise executives to share more information about security incidents and they’re creating new requirements in the United States and around the world to mandate the disclosure of such information. Why?

As painful or counterintuitive as it might seem to explain how the bad guys did what they did to your organization, there are some great reasons to report breaches. Many security leaders say they fully support requirements that mandate organizations to report incidents of compromise (IOCs) and provide information on how they occurred, saying authorities can use that intelligence to help cybersecurity community better combat bad actors.


Read the full article in CSO:

Translate »