The Security Breach: To Tell or Not To Tell?

You are the Head of Security for your multimillion-dollar corporation. Recently, you have been restoring your computer system because of a serious breach that occurred over a period of several weeks before it was detected by your computer analysts. You estimate that the financial loss associated with this attack is $27,148,000. This cost is based on tangible losses such as lost productivity, network downtime, and the expense of getting rid of the virus that infected the network. You've been called into a meeting with the Board of Directors and the CEO to determine whether the company should go public with the breach. The discussion centers on how this information will be used by customers and competitors, ie, the intangible costs. What will the media do with this information? What will be the impact on your reputation? Will your customers lose confidence in your ability to protect their private information? Will this result in a negative impact on your bottom line?

Consider all the stakeholders in this scenario. What is the primary consideration here? Other than what is being considered at the board meeting, are there other things that should be considered? What is the ethically right thing to do?