Around 70% of CISOs feel pressured to conceal cyber incidents

Around 70% of UK chief information security officers (CISO) face pressure to conceal security incidents and breaches, risking regulatory penalties and the erosion of trust in their companies, according to new research published by compliance training provider Skillcast.

The firm’s study – which polled 200 UK finance professionals earlier this year – also found that 82% of financial services professionals believed they had been targeted by cyber threats in the past year, with 59% of these respondents reporting that they had clicked on a link they later believed to be a phishing attempt.

The research further suggested that around 612,000 UK businesses had reported a cyber breach or attack in the past 12 months, with an average cost of a breach reaching £3,550.

’Cyber security pandemic’

Vivek Dodd, chief executive at Skillcast, said: “Amid what feels like a cyber security pandemic for UK businesses of all sizes, much of the debate on disclosure has centred on whether companies should be forced to report breaches.

“What’s often missed is why so many incidents are concealed in the first place. The reality is that too many executives and CISOs feel pressured to protect corporate reputation above compliance.

“That pressure highlights systemic gaps in cyber security compliance training, culture and governance. Boards and CISOs need targeted programmes to understand not just their legal duties, but also the ethical and operational consequences of concealment.

“Without a culture of transparency, even the strongest frameworks risk being undermined by fear of reputational damage or internal pressure to suppress information.”