Former FBI cyber expert: 94% of cyber security breaches unreported

Matt Pitchford Contributor

Though cyber security breaches are happening at the rate of thousands of attacks a day, at a cyber security panel on Monday, former FBI cyber security expert Shawn Henry said, “Most major companies — like 94 percent — don’t know that they have been hacked until a long time afterward.”

Henry has painted a bleak picture before: Voice of America reported that Henry believes “most major companies have already been breached or will be breached, resulting in substantial losses in information, economic competitiveness and national security.”

Michigan Republican Rep. Mike Rogers told Monday’s audience of business, media and technology representatives that “we are good at protecting government cyber assets, but we need to partner with the private sector.”

Since the Internet is so integrated with private businesses and critical infrastructure, Rogers argues that the cyber security threat isn’t just about credit card numbers or bank accounts, but includes vital utilities like power grids and water.

The government’s interest in protecting American enterprises, though, has been met with resistance. The constantly evolving cyber threat means that ensuring security is a costly project, so businesses decide to ignore it.

In an attempt to answer concerns about cost and regulation, Rogers points out the voluntary compliance in the “Cyber Intelligence Sharing and Protection Act” (CISPA), which is aimed at the “narrow focus of sharing information about threats to the government and the private sector.”

“My bill is voluntary for a reason,” Rogers said. “This needs to be private-sector driven.”

“If we delay, it will cost us,” WTOP National Security reporter J.J. Green added. “We need to move now and go big or go home.”

CISPA has drawn the ire of some rights organizations that are concerned the legislation will harm individuals’ privacy on the Internet. The Electronic Freedom Foundation, for example, argues that CISPA could mean companies and the government “surveil citizens for a host of reasons beyond critical cyber security threats.”
