When The New York Times announced in January that it had been the target of four months of cyberattacks, the media giant joined a small but growing chorus of big industry names to come forward as hacking victims. Twitter, Facebook, and Apple have all recently admitted to cybersecurity breaches, and both the Washington Post and Wall Street Journal followed The New York Times with hacking announcements of their own. These admissions are a significant break from the standard post-hacking practice of keeping quiet about vulnerabilities to avoid shareholder panic.

But the taboo against going public seems to be lifting. This is important, because the persistence, scale, and breadth of the attacks mean that plenty of companies have already been compromised. The common weak link? Humans.