Navigating the Breach Disclosure Minefield: Compliance and Reputation in the Spotlight

In an era where data breaches dominate headlines, the delicate balance between regulatory compliance and protecting public image has become a high-stakes challenge for organizations. The stakes were underscored by Shai Mendel, Co-Founder and CTO of Nagomi Security, who highlighted the intersection of transparency, trust, and proactive cybersecurity.


“Compliance and reputation management can go hand-in-hand when organizations take a proactive stance on cybersecurity,” Mendel explained. “Transparency about breaches demonstrates a commitment to security, even in the face of challenges.”


This approach stands in stark contrast to past incidents where obfuscation or delayed reporting backfired spectacularly. The 2017 Equifax breach, for example, resulted in a $700 million settlement and lasting reputational damage after the company waited nearly six weeks to disclose the incident. Similarly, Uber’s 2016 breach became a cautionary tale of what not to do when executives paid hackers $100,000 to keep quiet, a decision that led to significant fines and public outrage when the breach eventually came to light.


Mendel argues that a proactive stance, including early detection and transparent communication, can mitigate such fallout. “Proactive communication, where organizations share both the breach’s details and steps being taken to mitigate future risks, helps maintain trust while complying with regulatory requirements,” he said. He also emphasized the importance of adopting advanced tools, such as Nagomi’s platform, to detect threats early and minimize the need for reactive measures.


This emphasis on proactive measures comes as regulatory landscapes tighten. In July 2023, the U.S. Securities and Exchange Commission (SEC) introduced new rules requiring public companies to disclose material cybersecurity incidents within four business days. While heralded as a step toward greater transparency, the guidelines sparked concern about potential reputational damage from hastily prepared disclosures.


Mendel anticipates even stricter SEC guidelines on the horizon. “Yes, stricter guidelines are likely as the SEC continues to refine its approach to cybersecurity reporting, particularly around proactive threat detection and response,” he said. To prepare, Mendel advises organizations to embrace continuous optimization of their security defenses, enabling them to shift the narrative from damage control to recovery and resilience.


Organizations face a critical inflection point: They can adopt transparency and proactive measures as tools to build trust or risk being defined by their breaches. As Mendel put it, “By continuously optimizing security defenses, organizations can reduce the scope and severity of incidents, resulting in disclosures that focus on mitigation and recovery rather than damage control.” In the race to secure trust in an increasingly digital world, the choice is clear.