Private Sector Keeps Mum on Cyber Attacks

The biggest surprise to computer-security experts isn't that Google Inc. was targeted by attackers from China. It's that the Internet giant chose to disclose the incident.

Despite repeated efforts by the U.S. government to get the private sector to share information about threats, many companies have long kept such incidents confidential. "There's a culture of secrecy around any bad news, and data breaches are always bad news," said Larry Ponemon, a security and privacy consultant with the Ponemon Institute. "Organizations don't like to reveal it." The reticence can apply both to public disclosure of attacks as well as information-sharing among companies and government agencies—exchanges that can help organizations prevent future break-ins.