Loading...

7 Key Lessons From Companies That Prevented Data Breaches in 2018

Published: March 12, 2019 by Michael Bruemmer

Any responsible business manager knows that protection business and client data is a vital part of running a success organization. Now a new report identifies key factors that can improve a company’s ability to avoid hacks and prevent data breaches.

And here’s the good news: These tactics really work.

During 2018, the number of personal records exposed in data breaches soared — a total of 446.5 million pieces of data – an increase that was more than double the number of records breached during 2017, according to the Identity Theft Resource Center. The business, healthcare and financial sectors were the top three sectors hit, with hacking being the most common form of attack.

But among the companies surveyed in the latestannual study sponsored by Experian Data Breach Resolution, there are important signs of hope. Despite the startling increase in the number of records stolen by data thieves – a gain of 126 percent – the number of survey participants reporting a breach increased by just 5 percent.

This trend demonstrates that while hackers might be grabbing more data when they do manage to crack a database, the smaller increase in total breaches reported in the survey indicate that a growing number of institutions are improving their abilities to fend off cybercriminals.

What’s their secret? To encourage more effective strategies to handle and prevent breaches, “Is Your Company Ready for a Big Data Breach?” uncovers several important lessons learned from companies that are successfully insulating themselves – and their customers – from data theft.

  1. Prevention is the best response: The overarching lesson that researches found is that an effective data breach response plan starts with preventing breaches in the first place, rather than reacting after customer and business data has been stolen. Of the 643 U.S. business people surveyed who work on privacy, compliance and IT security, 29 percent reported that their organizations had prevented any breach involving more than 1,000 records for the past two years.
  2. Rate your plan: The Ponemon researchers found that the percentage of companies that find their data breach response plans to be very effective increased from 42 percent in 2016 to 52 percent in 2018. Not surprisingly, more people at organizations that didn’t report a breach rated their response plans as effective – 62 percent – while 45 percent of those at companies that suffered data theft nonetheless felt their plans were effective.
  3. Money matters: Ponemon researchers found that more investment in cybersecurity technology seemed to pay off. One of the most common factors among companies that prevented breaches was increased spending on technology to detect and prevent attacks. Of companies that prevented breaches, 73 percent increased their tech spending, versus 61 percent of those companies that were breached.
  4. No train, no gain: An even bigger improvement came from training employees and making them aware of privacy and data protection issues and practices. The likelihood of a data breach was significantly reduced when awareness training specifically targeted employees and other stakeholders in business processes who work with or access sensitive or confidential personal data. At organizations that implemented training, 79 percent avoided a breach versus 69 percent of those that were hacked.
  5. Cybersafety starts at the top: Executive engagement also matters. Making data security a priority among C-suite executives and corporate board members translates into keeping records safer. The study found that 54 percent of executives and 39 percent of directors were knowledgeable and engaged in planning data breach responses. At companies that were breached, 49 percent of executives and 32 percent of board members were involved with cybersecurity response.
  6. Sharing is caring: Another key finding in preventing breaches is that organizations that sharing their insights and experiences in handling and preventing breaches improved their cybersafety. Operations that participated in learning about data protection and hacks from industry peers and government agencies were more likely to avoid a breach – 59 percent of those who joined sharing programs didn’t suffer an attack, while 46 percent of those participating experienced a breach.
  7. Cybersafety is a process: Finally, organizations that want to stay cyber-safe might want to adopt the Boy Scout motto, “Be Prepared.” Companies that successfully prevented a data breach took several preventive measures to guard against attacks. That includes conducting regular reviews of physical security and access to confidential information, instituting third-party cybersecurity assessments, making data breach response part of their business continuity plans and creating backup websites that can be activated to provide content and information should a breach occur.

For the study, Ponemon researchers surveyed 643 professionals working in information technology and security, compliance and privacy who deal with data breach response plans in their organizations. The entire comprehensive survey of cybersecurity practices – “Sixth Annual Study: Is Your Company Ready for a Big Data Breach?” – is available to download now.

The Ponemon Institute, headquartered in Traverse City, Michigan, conducts independent research on data protection and emerging information technologies. Experian Data Breach Resolution helps businesses of all sizes manage the risk of fines, customer loss, negative press and litigation due to a breach of data, and is a subsidiary of Experian, the global leader in consumer and business credit reporting and marketing service operating in 80 countries.

Related Posts

Tenant screening fraud is rising, with falsified paystubs and AI-generated documents driving risk. Learn how income and employment verification tools powered by observed data improve fraud detection, reduce costs, and streamline tenant screening.

Published: September 4, 2025 by Ted Wentzel

In today’s digital lending landscape, fraudsters are more sophisticated, coordinated, and relentless than ever. For companies like Terrace Finance — a specialty finance platform connecting over 5,000 merchants, consumers, and lenders — effectively staying ahead of these threats is a major competitive advantage. That is why Terrace Finance partnered with NeuroID, a part of Experian, to bring behavioral analytics into their fraud prevention strategy. It has given Terrace’s team a proactive, real-time defense that is transforming how they detect and respond to attacks — potentially stopping fraud before it ever reaches their lending partners. The challenge: Sophisticated fraud in a high-stakes ecosystem Terrace Finance operates in a complex environment, offering financing across a wide range of industries and credit profiles. With applications flowing in from countless channels, the risk of fraud is ever-present. A single fraudulent transaction can damage lender relationships or even cut off financing access for entire merchant groups. According to CEO Andy Hopkins, protecting its partners is a top priority for Terrace:“We know that each individual fraud attack can be very costly for merchants, and some merchants will get shut off from their lending partners because fraud was let through ... It is necessary in this business to keep fraud at a tolerable level, with the ultimate goal to eliminate it entirely.” Prior to NeuroID, Terrace was confident in its ability to validate submitted data. But with concerns about GenAI-powered fraud growing, including the threat of next-generation fraud bots, Terrace sought out a solution that could provide visibility into how data was being entered and detect risk before applications are submitted. The solution: Behavioral analytics from NeuroID via Experian After integrating NeuroID through Experian’s orchestration platform, Terrace gained access to real-time behavioral signals that detected fraud before data was even submitted. Just hours after Terrace turned NeuroID on, behavioral signals revealed a major attack in progress — NeuroID enabled Terrace to respond faster than ever and reduce risk immediately. “Going live was my most nerve-wracking day. We knew we would see data that we have never seen before and sure enough, we were right in the middle of an attack,” Hopkins said. “We thought the fraud was a little more generic and a little more spread out. What we found was much more coordinated activities, but this also meant we could bring more surgical solutions to the problem instead of broad strokes.” Terrace has seen significant results with NeuroID in place, including: Together, NeuroID and Experian enabled Terrace to build a layered, intelligent fraud defense that adapts in real time. A partnership built on innovation Terrace Finance’s success is a testament to what is  possible when forward-thinking companies partner with innovative technology providers. With Experian’s fraud analytics and NeuroID’s behavioral intelligence, they have built a fraud prevention strategy that is proactive, precise, and scalable. And they are not stopping there. Terrace is now working with Experian to explore additional tools and insights across the ecosystem, continuing to refine their fraud defenses and deliver the best possible experience for genuine users. “We use the analogy of a stream,” Hopkins explained. “Rocks block the flow, and as you remove them, it flows better. But that means smaller rocks are now exposed. We can repeat these improvements until the water flows smoothly.” Learn more about Terrace Finance and NeuroID Want more of the story? Read the full case study to explore how behavioral analytics provided immediate and long-term value to Terrace Finance’s innovative fraud prevention strategy. Read case study

Published: September 3, 2025 by Allison Lemaster

BIN attacks are a growing threat in today’s digital payments ecosystem. Learn how to mitigate these attacks to reduce losses.

Published: August 27, 2025 by Theresa Nguyen