"Think about it: if you were running a multi-million dollar company, and your database of customer information was stolen, would you want to tell your clients? No. Most [US] companies did not until the laws required them to. It's in the best interest of organisations - when they're attacked and information is stolen - to tell nobody."