Survey: Companies Fear Data Breaches, Invest in Security

group of people having a meeting in a corporate office

As the global impact of cybercrime evolves, companies around the world are paying attention to the threat and are making it their responsibility to protect the sensitive consumer information they hold.

But even as companies take steps to shore up their protections against data breaches, the risk of attack grows. And as the fast-moving COVID-19 (coronavirus) crisis has shown, not all potentially dangerous situations can be easily predicted.

To learn more about how companies are preparing for and handling data breaches, Experian Data Breach Resolution sponsored an independent survey of more than 1,100 professionals throughout the world to see what their companies were doing to protect against the risk.

Read on for insights from Experian's Seventh Annual Data Breach Preparedness Study.

Companies Are Spending More to Protect Against Data Breaches

As the world experiences a surge in data breaches—many of which are large in scale and well-documented in the media—companies are more acutely aware of the risks breaches pose when they result in the loss or theft of internal or customer data. In response, many have stepped up their protections: 68% of companies say they've invested more in security technology to help detect and protect against such attacks.

When it comes to company precautions, the most common tactic—reported by 73% of respondents—was to conduct regular reviews of physical security measures and access to confidential information. Companies can devise rules that restrict access to areas where confidential information is stored and access to the data itself, an essential step in defending it from prying eyes.

The second most common measure companies take—with 69% of respondents reporting so—is to conduct background checks on new full-time employees and vendors. This is another precautionary step that involves simple technology companies can implement without expert help to better understand who is handling confidential data.

Finally, as the third most common measure, 57% of respondents reported that they regularly conducted third-party cyber security assessments in 2019. This practice saw the largest increase in popularity—a 9 percentage point rise—of all precautionary measures taken in the past two years. This shows that in addition to devising new internal practices, companies are increasingly seeking outside help to beef up their cyber security, solidifying the importance of trained specialists when it comes to protecting cyber integrity.

Despite Investments Made, Data Breaches Affecting More Organizations

While most companies are spending more money to protect themselves against cyberattacks, the number of organizations that have suffered a data breach that involved the loss or theft of 1,000 or more records has spiked, with 63% reporting such a breach in 2019—up from 56% of respondents just two years ago.

In 2017 there were more than 1,600 data breaches just in the U.S., according to the Identity Theft Resource Center. Though the number of data breaches actually dipped in 2018, more personal records are being exposed than ever before. In 2018, over 446 million personal records were exposed, up from 197 million in 2017.

So, whether companies are worried about the frequency of data breaches or the magnitude, at least in the U.S. those concerns are seemingly validated considering documented breaches in the past few years.

Companies Are Increasingly Worried About Data Breaches

Since 2017, despite increased efforts to protect themselves, companies seem to be losing faith in their ability to successfully fend off a data breach or cyberattack. In the past two years, the share of those surveyed who said they were confident in their ability to protect their companies from spear-phishing attacks (fraudulent email campaigns used to trick people into handing over information) declined from 31% to 23%. When asked about their confidence in dealing with ransomware, 20% reported being confident in 2019, down from 21% two years ago.

In addition to spending more to protect against breaches, about half—49%—of those surveyed reported having some type of cyber security insurance. These insurance policies help protect against loss from both internal and external cyber crimes, according to the organizations. Over time, more companies plan to add this type of insurance, as 58% of respondents at uninsured companies reported they would begin carrying these types of protections in the next two years.

Consumers Should Continue to Be Aware of Protecting Their Own Data

While many companies are working diligently to protect the private information they hold, it's important that consumers also take the proper steps to limit their exposure to the impacts of a data breach or cyber-attack.

"Consumers should be very diligent, especially right now, in protecting themselves from identity theft," says Michael Bruemmer, vice president of data breach resolution at Experian.

"Cybercriminals are amping up their attempts on companies to take advantage of the current climate," Bruemmer continues. "There are many coronavirus-related scams popping up targeting consumers, most often through spear-phishing emails. Don't click on any links sent via email or text, change your account passwords regularly and only shop on credible websites."

Here are two things you can do to help protect your information against data breaches:

  1. Limit the number of companies you share your personal information with. Be vigilant when sharing your email, name, phone number or password. Your personal information is valuable, so consider only entering it for services you really need or want. This will help limit your exposure should a company fall victim to a data breach.
  2. Use unique passwords for all your accounts and services. When you use the same password for multiple accounts, it's like having a master key that allows anyone that gets ahold of it to access other parts of your life. Imagine your personal information—including password—for one account was stolen in a data breach. If you've used that same password elsewhere, the fraudsters can easily use it to access your other accounts. If a unique password is exposed, however, it won't give fraudsters the opportunity to attack you in other places.

If you've already had information stolen in a data breach, take these important steps:

  1. Stay alert. If your data has been compromised, you'll want to start paying close attention to areas of your life that could be impacted by the loss. Pay attention to your mail, emails and phone calls for any evidence that your information is being used fraudulently.
  2. Monitor your credit reports. If someone gets their hands on your Social Security number, you'll want to make sure that they don't open any new accounts in your name. Frequently reviewing your credit reports will help you know if any new accounts appear that you don't recognize. You can get a free copy of your credit report and view your credit score through Experian.
  3. Freeze or lock your credit file. To be extra safe, in addition to monitoring your credit reports for new accounts, you can freeze or lock your credit file with one or all of the three main credit bureaus. You can learn more about Experian's CreditLock here and more about freezing your credit here.