Loading...

Data Breach Preparedness Study: Good News, Bad News, and an Empowering Conclusion

Published: September 30, 2014 by Michael Bruemmer

Our second annual data breach preparedness study,Is Your Company Ready for a Big Breach?, conducted by the Ponemon Institute, reveals good news and bad news for businesses concerned with data security—and that should be all business. First, the good news: more companies are acting to address data breach risks.

  • The majority (73%) oforganizations now have a data breach response plan in place – 12 percent more than in 2012.
  • And nearly half (48%) have boosted investment in security technologies in the past 12 months, aiming to better detect and respond to a data breach.

Now, for the not-so-good news: they’re not doing enough, and don’t have confidence in the effectiveness of their current measures.

Survey results illustrate that not everyone is taking all the necessary steps to prepare for a data breach:

  • A majority of 78 percent don’tregularly update their data breach response plans to address evolving threats.
  • About two-thirds don’t have trained customer service staff who can respond to customer questions, concerns or complaints if a breach occurs.
  • Only 29 percent of companies involve the CEO in dealing with security risks.
  • Nearly three-quarters don’t have cyber insurance policies.
  • Just 44 percent conducted a technical impact assessment to understand potential fallout from an incident.
  • Less than a third had SIEM systems to facilitate early detection of an incident.
  • 66 percent lack Mobile Device Management (MDM) to protect sensitive information from being pushed to mobile devices.

Those who have made provisions don’t necessarily feel more secure because of them:

  • 62 percent don’t feel their organizations are prepared to respond to a data breach.
  • 49 percent didn’t feel they were prepared to respond to the theft of information that would requirenotification to victims and regulators.
  • Just a quarter were confident they could communicate about a breach and manage customer needs.
  • 40 percent worry about the potential for a third party losing their data.
  • Insider threats concern 56 percent, with 43 percent citing BYOD and cloud services as their top two internal threat concerns.

As to post-breach response, we are pleased to see however that companies are well aware of the importance of providing customers involved in a breach with identity theft protection products and access to a call center; in fact, they cited those two as the most important services companies could provide post-breach.

Many of the concerns companies expressed over data breach preparedness and response – and in particular, worries over customer communication and regulatory compliance – can be addressed by preparing a response plan and practicing the plan on an ongoing basis. It’s also important to secure external partners such as legal counsel and a public relations firm, and make a selection of a quality identity protection product to offer affected customers ahead of time. When a breach occurs, the complete response team and moving parts are ready to allow for a quick and smooth response.

Related Posts

Tenant screening fraud is rising, with falsified paystubs and AI-generated documents driving risk. Learn how income and employment verification tools powered by observed data improve fraud detection, reduce costs, and streamline tenant screening.

Published: September 4, 2025 by Ted Wentzel

In today’s digital lending landscape, fraudsters are more sophisticated, coordinated, and relentless than ever. For companies like Terrace Finance — a specialty finance platform connecting over 5,000 merchants, consumers, and lenders — effectively staying ahead of these threats is a major competitive advantage. That is why Terrace Finance partnered with NeuroID, a part of Experian, to bring behavioral analytics into their fraud prevention strategy. It has given Terrace’s team a proactive, real-time defense that is transforming how they detect and respond to attacks — potentially stopping fraud before it ever reaches their lending partners. The challenge: Sophisticated fraud in a high-stakes ecosystem Terrace Finance operates in a complex environment, offering financing across a wide range of industries and credit profiles. With applications flowing in from countless channels, the risk of fraud is ever-present. A single fraudulent transaction can damage lender relationships or even cut off financing access for entire merchant groups. According to CEO Andy Hopkins, protecting its partners is a top priority for Terrace:“We know that each individual fraud attack can be very costly for merchants, and some merchants will get shut off from their lending partners because fraud was let through ... It is necessary in this business to keep fraud at a tolerable level, with the ultimate goal to eliminate it entirely.” Prior to NeuroID, Terrace was confident in its ability to validate submitted data. But with concerns about GenAI-powered fraud growing, including the threat of next-generation fraud bots, Terrace sought out a solution that could provide visibility into how data was being entered and detect risk before applications are submitted. The solution: Behavioral analytics from NeuroID via Experian After integrating NeuroID through Experian’s orchestration platform, Terrace gained access to real-time behavioral signals that detected fraud before data was even submitted. Just hours after Terrace turned NeuroID on, behavioral signals revealed a major attack in progress — NeuroID enabled Terrace to respond faster than ever and reduce risk immediately. “Going live was my most nerve-wracking day. We knew we would see data that we have never seen before and sure enough, we were right in the middle of an attack,” Hopkins said. “We thought the fraud was a little more generic and a little more spread out. What we found was much more coordinated activities, but this also meant we could bring more surgical solutions to the problem instead of broad strokes.” Terrace has seen significant results with NeuroID in place, including: Together, NeuroID and Experian enabled Terrace to build a layered, intelligent fraud defense that adapts in real time. A partnership built on innovation Terrace Finance’s success is a testament to what is  possible when forward-thinking companies partner with innovative technology providers. With Experian’s fraud analytics and NeuroID’s behavioral intelligence, they have built a fraud prevention strategy that is proactive, precise, and scalable. And they are not stopping there. Terrace is now working with Experian to explore additional tools and insights across the ecosystem, continuing to refine their fraud defenses and deliver the best possible experience for genuine users. “We use the analogy of a stream,” Hopkins explained. “Rocks block the flow, and as you remove them, it flows better. But that means smaller rocks are now exposed. We can repeat these improvements until the water flows smoothly.” Learn more about Terrace Finance and NeuroID Want more of the story? Read the full case study to explore how behavioral analytics provided immediate and long-term value to Terrace Finance’s innovative fraud prevention strategy. Read case study

Published: September 3, 2025 by Allison Lemaster

BIN attacks are a growing threat in today’s digital payments ecosystem. Learn how to mitigate these attacks to reduce losses.

Published: August 27, 2025 by Theresa Nguyen