A report by Checkmarx reveals that 95% of CISOs feel pressured to suppress or delay reporting security issues, due to competing business priorities and concerns from boards and executives about timing and public perception. This pressure undermines transparency and complicates disclosure decisions, especially when vulnerabilities may not pose significant immediate risk but could affect customer trust and legal standing. Experts suggest integrating CISOs more fully into business strategy and shifting cybersecurity from a compliance checkbox to an operational resilience focus to alleviate these challenges.
https://www.darkreading.com/cyber-risk/most-cisos-report-pressure-to-bury-bad-security-news