Many companies that experience ransomware attacks do not disclose details of the breach to affected parties. IT media company Bleeping Computer reports being contacted by employees of breached companies who are seeking information about the event while their C-suites stay tight-lipped.
Breaches and the poor management of digital technology impact all aspects of a company’s operations regardless of whether they are disclosed. But the disclosure problem is threefold. First, 68% of ransomware attacks go undetected altogether. Second, the lack of disclosure standards on cybersecurity generally means that the risk that creates more value loss than any other today is not well understood by either the C-suite or shareholders. This includes understanding the financial impact of a breach, especially a ransomware attack. With such attacks on the rise amid accelerated corporate digitization since the pandemic, this is a growing problem.
Third, the problem is not so much that companies are electing not to disclose details related to ransomware breaches. The problem is that they have a choice at all. Some form of mandatory standard disclosure on cyber risk and breach incidents, beyond what is currently required in states like California on data privacy, will increase awareness of good and bad technology management. This is no different than the mandatory disclosure of safety records and incidents by airlines. These decades-long standards have made passengers safer and made the commercial airline industry more prosperous. The same can be said for the car industry.
Digital transformation is increasingly separating market winners from market losers, and cyber governance is an important part of this. Independent of any disclosure, the market is already rewarding companies that manage their technology well. The equity performance of 5-Star (best) and 1-Star (worst) companies in the Cyberhedge Cyber Governance Indices confirms that the management of technology, including cyber risk, now has even greater bearing on market performance, as top companies across all sectors dramatically outperform poorly rated peers.
But with greater transparency around the risks, including ransomware incidents, the losses of poor performers can be better mitigated by companies and avoided by investors.