How Many Companies Report Breaches?

According to an AlienVault survey, only 2% of participating EU-based companies would publicly admit to suffering a security breach-- preferring to keep quiet instead of facing the reputational consequences.

The survey also reveals 38% of participating companies would inform the relevant authorities, 31% would inform their employees and just 11% would share the information with the security community.

"On the one hand, publicising a breach would help other businesses avoid falling prey to attacks," AlienVault says. "On the other, damage to your brand and reputation could be significant."

Making breaches public might bear even more significant risks in the near future-- the European Commission data protection law proposal suggests companies should face fines of up to 2% of global annual turnover in the event of a security breach.

Another disturbing survey finding is that 5% would do "nothing" should new malware hit, although at least the majority of respondents (52%) would research the impact, 31% would look for a patch and 1% would wait for full impact.

Intelligence sharing fares a bit better-- 35% would share anonymously, and 15% would do so publicly (making 50% of respondents). 

"Sharing information about the source and nature of attacks allows the security community to act fast, and quickly isolate malicious or compromised hosts," AlienVault continues. "In addition, it helps identify attack methods, tools and patterns, all of which help fuel research on new defense technologies."

The sharing of security information happens through a number of channels, including blogs, underground forums and peers as well as news sites and education/training. 

Go AlienVault Finds Only 2% of Companies Would Publicly Report Security Breach