Loading...

Data Breach Preparedness Study: Good News, Bad News, and an Empowering Conclusion

Published: September 30, 2014 by Michael Bruemmer

Our second annual data breach preparedness study,Is Your Company Ready for a Big Breach?, conducted by the Ponemon Institute, reveals good news and bad news for businesses concerned with data security—and that should be all business. First, the good news: more companies are acting to address data breach risks.

  • The majority (73%) oforganizations now have a data breach response plan in place – 12 percent more than in 2012.
  • And nearly half (48%) have boosted investment in security technologies in the past 12 months, aiming to better detect and respond to a data breach.

Now, for the not-so-good news: they’re not doing enough, and don’t have confidence in the effectiveness of their current measures.

Survey results illustrate that not everyone is taking all the necessary steps to prepare for a data breach:

  • A majority of 78 percent don’tregularly update their data breach response plans to address evolving threats.
  • About two-thirds don’t have trained customer service staff who can respond to customer questions, concerns or complaints if a breach occurs.
  • Only 29 percent of companies involve the CEO in dealing with security risks.
  • Nearly three-quarters don’t have cyber insurance policies.
  • Just 44 percent conducted a technical impact assessment to understand potential fallout from an incident.
  • Less than a third had SIEM systems to facilitate early detection of an incident.
  • 66 percent lack Mobile Device Management (MDM) to protect sensitive information from being pushed to mobile devices.

Those who have made provisions don’t necessarily feel more secure because of them:

  • 62 percent don’t feel their organizations are prepared to respond to a data breach.
  • 49 percent didn’t feel they were prepared to respond to the theft of information that would requirenotification to victims and regulators.
  • Just a quarter were confident they could communicate about a breach and manage customer needs.
  • 40 percent worry about the potential for a third party losing their data.
  • Insider threats concern 56 percent, with 43 percent citing BYOD and cloud services as their top two internal threat concerns.

As to post-breach response, we are pleased to see however that companies are well aware of the importance of providing customers involved in a breach with identity theft protection products and access to a call center; in fact, they cited those two as the most important services companies could provide post-breach.

Many of the concerns companies expressed over data breach preparedness and response – and in particular, worries over customer communication and regulatory compliance – can be addressed by preparing a response plan and practicing the plan on an ongoing basis. It’s also important to secure external partners such as legal counsel and a public relations firm, and make a selection of a quality identity protection product to offer affected customers ahead of time. When a breach occurs, the complete response team and moving parts are ready to allow for a quick and smooth response.

Related Posts

Click fraud is a costly, often overlooked threat affecting digital businesses. Learn what it is and how behavioral analytics can help stop it.

Published: June 12, 2025 by Devon Smith

Fake IDs have been around for decades, but today’s fraudsters aren’t just printing counterfeit driver’s licenses — they’re using artificial intelligence (AI) to create synthetic identities. These AI fake IDs bypass traditional security checks, making it harder for businesses to distinguish real customers from fraudsters. To stay ahead, organizations need to rethink their fraud prevention solutions and invest in advanced tools to stop bad actors before they gain access. The growing threat of AI Fake IDs   AI-generated IDs aren’t just a problem for bars and nightclubs; they’re a serious risk across industries. Fraudsters use AI to generate high-quality fake government-issued IDs, complete with real-looking holograms and barcodes. These fake IDs can be used to commit financial fraud, apply for loans or even launder money. Emerging services like OnlyFake are making AI-generated fake IDs accessible. For $15, users can generate realistic government-issued IDs that can bypass identity verification checks, including Know Your Customer (KYC) processes on major cryptocurrency exchanges.1 Who’s at risk? AI-driven identity fraud is a growing problem for: Financial services – Fraudsters use AI-generated IDs to open bank accounts, apply for loans and commit credit card fraud. Without strong identity verification and fraud detection, banks may unknowingly approve fraudulent applications. E-commerce and retail – Fake accounts enable fraudsters to make unauthorized purchases, exploit return policies and commit chargeback fraud. Businesses relying on outdated identity verification methods are especially vulnerable. Healthcare and insurance – Fraudsters use fake identities to access medical services, prescription drugs or insurance benefits, creating both financial and compliance risks. The rise of synthetic ID fraud Fraudsters don’t just stop at creating fake IDs — they take it a step further by combining real and fake information to create entirely new identities. This is known as synthetic ID fraud, a rapidly growing threat in the digital economy. Unlike traditional identity theft, where a criminal steals an existing person’s information, synthetic identity fraud involves fabricating an identity that has no real-world counterpart. This makes detection more difficult, as there’s no individual to report fraudulent activity. Without strong synthetic fraud detection measures in place, businesses may unknowingly approve loans, credit cards or accounts for these fake identities. The deepfake threat AI-powered fraud isn’t limited to generating fake physical IDs. Fraudsters are also using deepfake technology to impersonate real people. With advanced AI, they can create hyper-realistic photos, videos and voice recordings to bypass facial recognition and biometric verification. For businesses relying on ID document scans and video verification, this can be a serious problem. Fraudsters can: Use AI-generated faces to create entirely fake identities that appear legitimate Manipulate real customer videos to pass live identity checks Clone voices to trick call centers and voice authentication systems As deepfake technology improves, businesses need fraud prevention solutions that go beyond traditional ID verification. AI-powered synthetic fraud detection can analyze biometric inconsistencies, detect signs of image manipulation and flag suspicious behavior. How businesses can combat AI fake ID fraud Stopping AI-powered fraud requires more than just traditional ID checks. Businesses need to upgrade their fraud defenses with identity solutions that use multidimensional data, advanced analytics and machine learning to verify identities in real time. Here’s how: Leverage AI-powered fraud detection – The same AI capabilities that fraudsters use can also be used against them. Identity verification systems powered by machine learning can detect anomalies in ID documents, biometrics and user behavior. Implement robust KYC solutions – KYC protocols help businesses verify customer identities more accurately. Enhanced KYC solutions use multi-layered authentication methods to detect fraudulent applications before they’re approved. Adopt real-time fraud prevention solutions – Businesses should invest in fraud prevention solutions that analyze transaction patterns and device intelligence to flag suspicious activity. Strengthen synthetic identity fraud detection – Detecting synthetic identities requires a combination of behavioral analytics, document verification and cross-industry data matching. Advanced synthetic fraud detection tools can help businesses identify and block synthetic identities. Stay ahead of AI fraudsters AI-generated fake IDs and synthetic identities are evolving, but businesses don’t have to be caught off guard. By investing in identity solutions that leverage AI-driven fraud detection, businesses can protect themselves from costly fraud schemes while ensuring a seamless experience for legitimate customers. At Experian, we combine cutting-edge fraud prevention, KYC and authentication solutions to help businesses detect and prevent AI-generated fake ID and synthetic ID fraud before they cause damage. Our advanced analytics, machine learning models and real-time data insights provide the intelligence businesses need to outsmart fraudsters. Learn more *This article includes content created by an AI language model and is intended to provide general information. 1 https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/

Published: March 20, 2025 by Julie Lee

Financial institutions can help protect clients by educating them on the warning signs of fraudulent lottery scams.

Published: March 12, 2025 by Alex Lvoff