
Breach Reporting and Nondisclosure Agreements

by Brent Kirkpatrick

Nondisclosure agreements can be used to suppress reports of data breaches.

Nondisclosure agreements can prevent necessary discussions about cybersecurity and be used to avoid accountability. Nondisclosure agreements (NDAs) are used to give a company's leadership options about releasing information. Since the top people dealing with a cybersecurity incident will generally have signed NDAs, this typically allows the CEO to manage the incident before the media finds out. Unfortunately, NDAs have sometimes been used to avoid reporting, avoid responsibility, and prevent the software community from fixing the problem.

In many cases, it is wise for a CEO to have contained the cybersecurity incident before announcing the incident to the media. This is because a media announcement of the problem is often accompanied by an increase in hacking. However, CEOs have used NDAs to avoid calling in the FBI, to avoid collaborating with the software industry, and to avoid reporting entirely.

Proper reporting of cybersecurity incidents requires alerting the FBI, sharing the most crucial results of digital forensics, and alerting the individuals whose personal information was accessed by hackers. The FBI needs to be told when and how the cyberattacks were carried out. This allows law enforcement to track the activities of hacker groups as they attack multiple victims. The crucial results of digital forensics need to be shared with software engineers through the Common Vulnerabilities and Exposures (CVE) database, so that the critical vulnerabilities can be patched. Finally, the individuals affected by data theft need to be informed, so that they can mitigate the risk of fraud and other crime.

Nondisclosure agreements are a modern business invention that prohibits an employee from discussing company trade secrets. NDAs were designed to protect intellectual property from theft. Unfortunately, the cybersecurity community has been using NDAs to suppress or delay proper reporting of cyberattacks.


© 2015-2021 Intrepid Net Computing. All rights reserved.