Loading...

7 Key Lessons From Companies That Prevented Data Breaches in 2018

Published: March 12, 2019 by Michael Bruemmer

Any responsible business manager knows that protection business and client data is a vital part of running a success organization. Now a new report identifies key factors that can improve a company’s ability to avoid hacks and prevent data breaches.

And here’s the good news: These tactics really work.

During 2018, the number of personal records exposed in data breaches soared — a total of 446.5 million pieces of data – an increase that was more than double the number of records breached during 2017, according to the Identity Theft Resource Center. The business, healthcare and financial sectors were the top three sectors hit, with hacking being the most common form of attack.

But among the companies surveyed in the latestannual study sponsored by Experian Data Breach Resolution, there are important signs of hope. Despite the startling increase in the number of records stolen by data thieves – a gain of 126 percent – the number of survey participants reporting a breach increased by just 5 percent.

This trend demonstrates that while hackers might be grabbing more data when they do manage to crack a database, the smaller increase in total breaches reported in the survey indicate that a growing number of institutions are improving their abilities to fend off cybercriminals.

What’s their secret? To encourage more effective strategies to handle and prevent breaches, “Is Your Company Ready for a Big Data Breach?” uncovers several important lessons learned from companies that are successfully insulating themselves – and their customers – from data theft.

  1. Prevention is the best response: The overarching lesson that researches found is that an effective data breach response plan starts with preventing breaches in the first place, rather than reacting after customer and business data has been stolen. Of the 643 U.S. business people surveyed who work on privacy, compliance and IT security, 29 percent reported that their organizations had prevented any breach involving more than 1,000 records for the past two years.
  2. Rate your plan: The Ponemon researchers found that the percentage of companies that find their data breach response plans to be very effective increased from 42 percent in 2016 to 52 percent in 2018. Not surprisingly, more people at organizations that didn’t report a breach rated their response plans as effective – 62 percent – while 45 percent of those at companies that suffered data theft nonetheless felt their plans were effective.
  3. Money matters: Ponemon researchers found that more investment in cybersecurity technology seemed to pay off. One of the most common factors among companies that prevented breaches was increased spending on technology to detect and prevent attacks. Of companies that prevented breaches, 73 percent increased their tech spending, versus 61 percent of those companies that were breached.
  4. No train, no gain: An even bigger improvement came from training employees and making them aware of privacy and data protection issues and practices. The likelihood of a data breach was significantly reduced when awareness training specifically targeted employees and other stakeholders in business processes who work with or access sensitive or confidential personal data. At organizations that implemented training, 79 percent avoided a breach versus 69 percent of those that were hacked.
  5. Cybersafety starts at the top: Executive engagement also matters. Making data security a priority among C-suite executives and corporate board members translates into keeping records safer. The study found that 54 percent of executives and 39 percent of directors were knowledgeable and engaged in planning data breach responses. At companies that were breached, 49 percent of executives and 32 percent of board members were involved with cybersecurity response.
  6. Sharing is caring: Another key finding in preventing breaches is that organizations that sharing their insights and experiences in handling and preventing breaches improved their cybersafety. Operations that participated in learning about data protection and hacks from industry peers and government agencies were more likely to avoid a breach – 59 percent of those who joined sharing programs didn’t suffer an attack, while 46 percent of those participating experienced a breach.
  7. Cybersafety is a process: Finally, organizations that want to stay cyber-safe might want to adopt the Boy Scout motto, “Be Prepared.” Companies that successfully prevented a data breach took several preventive measures to guard against attacks. That includes conducting regular reviews of physical security and access to confidential information, instituting third-party cybersecurity assessments, making data breach response part of their business continuity plans and creating backup websites that can be activated to provide content and information should a breach occur.

For the study, Ponemon researchers surveyed 643 professionals working in information technology and security, compliance and privacy who deal with data breach response plans in their organizations. The entire comprehensive survey of cybersecurity practices – “Sixth Annual Study: Is Your Company Ready for a Big Data Breach?” – is available to download now.

The Ponemon Institute, headquartered in Traverse City, Michigan, conducts independent research on data protection and emerging information technologies. Experian Data Breach Resolution helps businesses of all sizes manage the risk of fines, customer loss, negative press and litigation due to a breach of data, and is a subsidiary of Experian, the global leader in consumer and business credit reporting and marketing service operating in 80 countries.

Related Posts

Click fraud is a costly, often overlooked threat affecting digital businesses. Learn what it is and how behavioral analytics can help stop it.

Published: June 12, 2025 by Devon Smith

Fake IDs have been around for decades, but today’s fraudsters aren’t just printing counterfeit driver’s licenses — they’re using artificial intelligence (AI) to create synthetic identities. These AI fake IDs bypass traditional security checks, making it harder for businesses to distinguish real customers from fraudsters. To stay ahead, organizations need to rethink their fraud prevention solutions and invest in advanced tools to stop bad actors before they gain access. The growing threat of AI Fake IDs   AI-generated IDs aren’t just a problem for bars and nightclubs; they’re a serious risk across industries. Fraudsters use AI to generate high-quality fake government-issued IDs, complete with real-looking holograms and barcodes. These fake IDs can be used to commit financial fraud, apply for loans or even launder money. Emerging services like OnlyFake are making AI-generated fake IDs accessible. For $15, users can generate realistic government-issued IDs that can bypass identity verification checks, including Know Your Customer (KYC) processes on major cryptocurrency exchanges.1 Who’s at risk? AI-driven identity fraud is a growing problem for: Financial services – Fraudsters use AI-generated IDs to open bank accounts, apply for loans and commit credit card fraud. Without strong identity verification and fraud detection, banks may unknowingly approve fraudulent applications. E-commerce and retail – Fake accounts enable fraudsters to make unauthorized purchases, exploit return policies and commit chargeback fraud. Businesses relying on outdated identity verification methods are especially vulnerable. Healthcare and insurance – Fraudsters use fake identities to access medical services, prescription drugs or insurance benefits, creating both financial and compliance risks. The rise of synthetic ID fraud Fraudsters don’t just stop at creating fake IDs — they take it a step further by combining real and fake information to create entirely new identities. This is known as synthetic ID fraud, a rapidly growing threat in the digital economy. Unlike traditional identity theft, where a criminal steals an existing person’s information, synthetic identity fraud involves fabricating an identity that has no real-world counterpart. This makes detection more difficult, as there’s no individual to report fraudulent activity. Without strong synthetic fraud detection measures in place, businesses may unknowingly approve loans, credit cards or accounts for these fake identities. The deepfake threat AI-powered fraud isn’t limited to generating fake physical IDs. Fraudsters are also using deepfake technology to impersonate real people. With advanced AI, they can create hyper-realistic photos, videos and voice recordings to bypass facial recognition and biometric verification. For businesses relying on ID document scans and video verification, this can be a serious problem. Fraudsters can: Use AI-generated faces to create entirely fake identities that appear legitimate Manipulate real customer videos to pass live identity checks Clone voices to trick call centers and voice authentication systems As deepfake technology improves, businesses need fraud prevention solutions that go beyond traditional ID verification. AI-powered synthetic fraud detection can analyze biometric inconsistencies, detect signs of image manipulation and flag suspicious behavior. How businesses can combat AI fake ID fraud Stopping AI-powered fraud requires more than just traditional ID checks. Businesses need to upgrade their fraud defenses with identity solutions that use multidimensional data, advanced analytics and machine learning to verify identities in real time. Here’s how: Leverage AI-powered fraud detection – The same AI capabilities that fraudsters use can also be used against them. Identity verification systems powered by machine learning can detect anomalies in ID documents, biometrics and user behavior. Implement robust KYC solutions – KYC protocols help businesses verify customer identities more accurately. Enhanced KYC solutions use multi-layered authentication methods to detect fraudulent applications before they’re approved. Adopt real-time fraud prevention solutions – Businesses should invest in fraud prevention solutions that analyze transaction patterns and device intelligence to flag suspicious activity. Strengthen synthetic identity fraud detection – Detecting synthetic identities requires a combination of behavioral analytics, document verification and cross-industry data matching. Advanced synthetic fraud detection tools can help businesses identify and block synthetic identities. Stay ahead of AI fraudsters AI-generated fake IDs and synthetic identities are evolving, but businesses don’t have to be caught off guard. By investing in identity solutions that leverage AI-driven fraud detection, businesses can protect themselves from costly fraud schemes while ensuring a seamless experience for legitimate customers. At Experian, we combine cutting-edge fraud prevention, KYC and authentication solutions to help businesses detect and prevent AI-generated fake ID and synthetic ID fraud before they cause damage. Our advanced analytics, machine learning models and real-time data insights provide the intelligence businesses need to outsmart fraudsters. Learn more *This article includes content created by an AI language model and is intended to provide general information. 1 https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/

Published: March 20, 2025 by Julie Lee

Financial institutions can help protect clients by educating them on the warning signs of fraudulent lottery scams.

Published: March 12, 2025 by Alex Lvoff