A global "ransomware" attack that started last week locked thousands of computers in more than 150 countries.
As a cybersecurity hub, metro Atlanta hosts nearly 100 cybersecurity firms. Some of them are helping affected companies respond to the attacks.
Attorney Roy Hadley, who serves as the co-chair of of the law firm Thompson Hine's privacy and cybersecurity team, said if he had to estimate, there are probably hundreds of companies in Georgia that have been hit by the same cyberattack that caused hospitals and factories to shut down when thieves held data hostage. The name of the virus or malware, also called ransomware, is WannaCry.
Hadley said WannaCry doesn’t seem to have been as widespread or damaging in Georgia, but he represents companies after cyberattacks and said he personally knows of dozens that are keeping quiet.
"If I'm a business and I say 'I was hacked' then all of a sudden my customers, my clients that depend on me to keep my data secure, are going to question my ability to do so," he said.
Private companies aren't required to disclose data breaches, and public companies are required to report it to the Securities and Exchange Commission if it affects shareholders and is a major cyberattack.
"And even then what is a major cyber event?” Hadley asked. “Is ransomware a major cyber event if you pay the ransom and get your data back right quick?”
Nearly 100 company executives gathered for the Technology Association of Georgia’s cybersecurity simulation training at Kennesaw State University on Wednesday.
Ed Pascua, co-chair of the Information Security Society with the Technology Association of Georgia and senior vice president of cybersecurity firm Simeo Solutions, said firms like his are reminding clients about the importance of security and continuing to “help drive awareness to prospects in order to leverage the fear and concern around this particular threat.”
"There's a lot of companies who think they're prepared, I think there are fewer companies that are actually prepared,” Pascua said. “If you're safe today, it could be that you're not safe tomorrow or a week from now. It's a constant effort."
But Hadley said there’s only a limited amount of damage control cybersecurity firms can do.
"They're helping with the response. The problem is once ransomware locks your data up, there's not much you can do unless you pay the ransom or you had good backup," he said.