BUSINESSES need to think carefully about when they publicly blame a threat actor for a cyberattack, as experts warned at a panel at RSAC 2026 on 25 March 2026. According to Cybersecurity Dive, the rush to attribute is a risky move because it can invite blowback, including diplomatic retaliation if a nation-state is involved or a data leak if a cybercrime gang is blamed.
Brett Callow, a ransomware expert at FTI Consulting, described attribution as extremely risky because you may bring third parties into the discussion and they may respond. Megan Stifel of the Institute for Security and Technology urged caution about public blame to avoid losing control of the narrative. The panel contrasted approaches from Callow and Mike Egan of Cooley LLP, who debated whether staying quiet or filling the gap with information is best when attribution has already leaked publicly.