According to the results of an RSA survey, 54% of respondents have addressed a security incident but only 11% reported it. Based on what we see reported in the news, that would imply that the issue is actually 5 times greater but that we don't hear about 80% of it. What we have heard about for many months is that the Storm worm is everywhere, yet only 14% of the respondents claim to have been hit by it in any way. Either the reports of Storm's pervasiveness are grossly exaggerated, or there are many organizations that have Storm infections that don't even realize it. For more about the report, take a look at this Network World article by Andreas Antonopoulos.
Is Security Over or Under-Estimated?
From Tony Bradley, CISSP-ISSAP, About.com Guide August 6, 2008
Explore Internet / Network Security
©2012 About.com. All rights reserved.
A part of The New York Times Company.
Most security compromises are probably not reported as people may be unaware of who to report them to.
We have a list of some of the key people to contact (IC3, FBI, Secret Service) depending on the specific compromise.
http://www.mbridge.com/hacker.html
Secondly, companies may be concerned that their complaints will be made public which could scare off potential and current customers. This is a mis-perception that needs to be corrected.
Todd Shyres
http://www.MBridge.com