Home/Materials/Why companies hide cyberattacks
Cybersecurity and continuity

Why companies hide cyberattacks — and what it leads to

First partners are told about "planned maintenance". Then the attack is admitted, but "we handled it quickly". In reality, processes are restored for another six months. Why business hides cyberattacks and why it is costly.

Updated: June 28, 2026 · Author: Evgeny Telenkov · ≈ 6 min read
Why companies hide cyberattacks — and what it leads to

How it usually looks

The scenario repeats from company to company. First customers and partners are told there is "planned maintenance" or a "software update". When hiding it is no longer possible, it is cautiously admitted: yes, there was an attack, but everything is under control. In reality, weeks and months go into restoring processes, searching for lost data and rebuilding what had worked for years.

Ransomware, a stolen database, systems down for several days — companies of any size go through this. It is simply embarrassing to admit publicly, so the market sees the true scale only out of the corner of its eye.

Why they hide it

The reasons are clear: fear of losing customers and reputation, reluctance to show weakness to competitors, worry about questions from regulators and partners. As a result the incident is "swept away", no lessons are drawn — and the company stays just as vulnerable to the next hit.

The real scale of the damage

The most worrying part is that damage of hundreds of millions, sometimes a billion rubles, already surprises almost no one. The number of attacks on business in Russia has nearly doubled over the year. Gradually this has come to be seen as an inevitable cost of doing business.

Key idea: protection would have cost ten times less, or more, than recovery after a hit. The same tasks can be solved in advance — understand vulnerabilities, build resilience, train the team to act in a crisis.

What to do about it

Secrecy does not cure the problem — it preserves it. The healthy practice is the opposite: acknowledge in advance that an incident is possible for anyone, and prepare for it. That means understanding your critical processes, having a recovery plan and fallback options, and after any incident analysing the causes rather than hiding them.

You can understand how resilient your business is right now — with a short assessment that shows your readiness level and main risks.

See how resilient your business really is

13 questions, 5 minutes, free — results on screen and by email.

Take the free assessment → Book a review · 4,900 ₽ BCM turnkey →

FAQ

Is it mandatory to report a cyberattack?

For a number of organisations and data types, notifying regulators is required by law. But even where silence is formally allowed, concealment is usually costlier: unexamined causes raise the risk of a repeat incident.

Why is prevention cheaper than recovery?

Recovery means downtime, lost data, fines, customer churn and reputational damage all at once. Preventive measures (assessment, continuity plan, backups, training) cost incomparably less and reduce both the likelihood and the consequences.

Evgeny Telenkov
Evgeny Telenkov
Chief Risk Officer · PhD in Economics · "Best Risk Manager of Russia 2020"
20 years in risk management. Led risk management at Beeline, Nornickel, Rosneft and EY. Built business continuity plans for Nornickel, Rostec, NSD and DIA. Trained 300+ risk and BCM specialists.
More about the approach and expert →
Read also
7 days of downtime: a cyberattack lesson →
A real ransomware case at a major insurer: 7 days of downtime, website and app offline. Which BCM mechanisms w
BCM, BCP, DRP — the difference →
How BCM, BCP, DRP and risk management differ in plain language. A clear levels diagram, comparison table and e
5-minute assessment →
Your resilience level, three main risks and first steps. Free.