Indeed, it was widely assumed that many companies did not report loss of confidential information or a disruption to their computer system caused by a cyber incident for fear of damaging their reputation with investors, customers, and their employees, and highlighting their vulnerabilities.