How Mandatory Ransomware Reporting Impacts Your Brand

Although it’s impossible to pin down the true number, current estimates are that up to 75% of data breaches go unreported. And that’s entirely understandable. Announcing to the world that your company has been the victim of a cyberattack is not only embarrassing but can also have a severe impact on the bottom line. 

According to IBM’s Cost of a Data Breach Report 2021, the average cost of an attack increased by nearly 10% year-over-year, from $3.86 million to $4.24 million. Beyond the immediate cost of what a company might pay in a ransomware attack or what it might cost for IT to conduct incident response, there is brand damage that can have a lasting impact for years to come. The IBM report says lost business represents nearly 40% of that $4.24 million, which includes business lost from customer turnover, and the cost of acquiring new business due to brand damage. 

You can see how it might be tempting for companies to simply pay the ransom and not tell anybody. And while the EU’s GDPR has strict reporting laws when it comes to the personal information held by companies, the rules in the US are far more lax and a bit fuzzy. There is no federal regulation that requires companies to report breaches, outside of rules relative to patient records or other forms of personally identifiable information (PII).

But all that is about to change. Congress is currently considering a bill that would require organizations that make a ransom payment to report that payment to the Director of the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security, within 24 hours of the payment.

The “Cyber Incident Reporting Act of 2021” would apply to critical infrastructure organizations, nonprofits, businesses with more than 50 employees, and all state and local governments. The bill would also require critical infrastructure companies to report any cyber incident within 72 hours.

And that’s not all. The government wants to be able to analyze the methods and tactics of cybercriminals, so companies are required to do more than simply report that a breach occurred or that a ransom was paid. The proposed regulation would require companies to provide detailed information on how the breach happened, what security measures were in place and how the attackers got around them.

The proposed law has important implications. Companies need to start upping their security game when it comes to preventing breaches in the first place, responding quickly to incidents when they do occur, and protecting the company’s brand.

Media Sonar can help

The Media Sonar Web Intelligence & Investigation platform helps companies anticipate potential security incidents, perform crisis management if the unexpected happens, and protect brand assets.

Here are some of the specific capabilities of the Media Sonar platform:

  • Media Sonar consolidates multiple open-source intelligence (OSINT) tools into an integrated, automated platform for conducting threat detection.
  • The Media Sonar platform gives security practitioners visibility into the Dark Web so that teams can get ahead of emerging threats.
  • The platform specifically targets brandjacking, which can take the form of social media account takeovers, spoofed domains and phishing emails.
  • The platform enables deep-dive digital investigations across IP addresses, domains, email addresses, usernames and organizations.
  • The Media Sonar Social Insights Report provides a high-level view of public sentiment toward your brand.
  • And the platform enables companies to meet regulatory requirements with detailed auditable logs of user activity.
  • According to the IBM breach report, companies with effective incident response teams were able to reduce the cost of a breach by 55%. Media Sonar provides custom alerts and collaborative workflows that help companies respond to crises.

It’s clear that the regulatory environment with respect to data breaches is changing and organizations need to move quickly to get ahead of the new rules. Even if the federal law gets stalled in Congress, individual states like California are tightening their own data protection rules and adopting GDPR-based regulations.

Defending against cyber threats and protecting the company’s brand is not only good for regulatory compliance, it’s simply good business.

Limited Time Offer!

We want to make our Web Intelligence & Investigations platform more accessible. Make the most of your 2022 security budget with up to 25% off all Media Sonar packages from now until March 1st, 2022.

Some conditions apply
