This site uses cookies to ensure the best viewing experience for our readers.
A Third of Serious Cyberattacks in Israel in the Past Year Went Unreported, Report Says

A Third of Serious Cyberattacks in Israel in the Past Year Went Unreported, Report Says

Since new regulations requiring companies and nonprofits to report on significant breaches came into force in May 2018, Israel’s Privacy Protection Authority has handled 146 severe cybersecurity events, only 103 of which were reported by the organizations targeted

Raphael Kahan | 17:47  25.07.2019
In the past year, 30% of serious cybersecurity events in Israel were not reported to the proper authorities as required by law, according to data released Thursday by Israel’s Privacy Protection Authority.

New regulations requiring companies and nonprofits to report on significant breaches came into force in May 2018. Since then, the authority has handled 146 severe cybersecurity events, only 103 of which were reported by the organizations that fell victim to the attacks, according to the data. The rest of the incidents were reported by third parties. The authority estimates that an unknown number of additional attacks took place but were not reported.

Cyber attack (illustration). Photo: Shutterstock Cyber attack (illustration). Photo: Shutterstock Cyber attack (illustration). Photo: Shutterstock
The sector that suffered the most attacks was insurance and finance (23%), followed by data management and healthcare (10% each), communications and education (8% each), and internet (7%).

Related stories

Cases in which hackers used an inherent security flaw in the organization’s database accounted for 15% of the attacks. Theft of passwords and usernames were conducted in 7% of cases, human errors and malware were spotted on 9% of cases, and unintentional loss of media or unauthorized delivery of data was the case in 8% of attacks.

A spokesperson for the Privacy Protection Authority told Calcalist that the authority can fine offenders who fail to report attacks or fail in other ways to conform with the regulations meant to protect personal data. The authority is also authorized to cancel or temporarily suspend an organization’s license to hold a database and to make any infringement public.
share on facebook share on twitter share on linkedin share on whatsapp share on mail

TAGS