Tag: data breaches

When it comes to online personal data, the majority of Americans believe it has become more and more difficult to control who has access to that information.[1] And as international data breaches continue to feed the dark web, the cost is high for consumers. Identity theft by the numbers At least 16 billion records have been exposed through data breaches since 2019, and 31% of data breach victims later have their identity stolen[2]. The cost of obtaining a full range of documents and account details allowing identity theft is about $1,275.[3] With a 290% increase in stolen data found on the dark web in the past three years, monitoring is a must-have for data-driven service providers[4]. Now more than ever, consumers expect businesses that collect their information to keep it secure. A solution for your customers Here’s the good news: Experian CyberAgent® is a proprietary, patented dark web technology that proactively detects compromised confidential data online around the world. With more than 21 billion records found, this software is designed for proactive cyber detection on an international level. CyberAgent® monitors a variety of identity elements and captures all the data being exchanged, including: Social Security numbers National identification numbers Email addresses/ domains and phone numbers Medical identifications numbers Passport and driver’s license numbers Credit/debit card information Retail card numbers Bank account and routing numbers International banking numbers Global protection As the only internet surveillance tool that can match data on an international level, CyberAgent® breaks language barriers and detects identity theft across the globe. By monitoring thousands of websites and millions of data points, this technology enables you to notify your customers if a match to their monitored personal information is found. Alert your customers before they become a victim of identity theft and offer unrivaled protection from dark web threats. Click here to learn more [1]Ipsos. 2022. Most Americans say it is increasingly difficult to control who can access their online data. [2]Selfkey. 2020. All Data Breaches in 2019 – 2022 – An Alarming Timeline. [3]Privacy Affairs. 2020. Dark Web Price Index 2020. [4]Experian CyberAgent® monitoring counts as of June 2022.

When a cybersecurity incident occurs, will your organization’s data breach response contribute to customer retention or undermine it? Multiple studies and surveys illustrate that how well a company supports consumers in the wake of a security event directly affects customers’ perceptions of and loyalty to the breached company. Consumers expect companies to help them manage the potential and real fallout of a data breach. Failing to do so can increase post-breach churn, whereas successfully helping consumers can equate to greater retention. In particular, offering monitoring services to customers affected by a cybersecurity incident could make the difference between retaining those customers and their good will, or losing them to the competition. Consumer impact Research by Experian Data Breach Resolution and our partners reveals how data breaches affect consumers: 76 percent of consumers who’ve experienced a data breach cite stress as the primary consequence. 39 percent cite the time they had to spend resolving problems caused by the breach as the worst consequence. Nearly half of those affected by a data breach feel it will put their identities at risk for years to come. Consumers want companies to step up after a breach and provide identity theft protection (63 percent), credit monitoring (58 percent) and even compensation in the form of cash, products or services (67 percent). Four out of every five consumers who received a data breach notification continued to do business with the company through which their information was compromised, but they didn’t necessarily stay because they were satisfied. Just 45 percent of consumers say they continued doing business with the company because they were happy with the way the company resolved the data breach. Instead, 67 percent said they stayed because going elsewhere was just too difficult, and 61 percent thought moving their business wouldn’t give them access to any greater security since data breaches are unavoidable. If you provide it… Even more compelling for the case in favor of offering post-breach monitoring services to affected consumers is this statistic from our research: Nearly three quarters (72 percent) of breached consumers take action after being notified of a breach, including updating their anti-virus software and reviewing online account activity or security policies. Twenty-nine percent accepted offers of free identity protection services. Consumers are increasingly aware that being caught up in a data breach can increase their risk of experiencing identity theft, either immediately following the event or in the future. They are willing to take steps to protect themselves, and they want breached companies to help them. Providing post-breach monitoring services can help protect consumers from the possibility of identity theft related to the breach, and help protect companies from the loss of business that can result when customers feel the organization hasn’t done enough to aid them. Learn more about our Data Breach services

What keeps your cyber security team up at night, and does it weigh equally on the minds of managers? Do they lose sleep worrying about malicious attacks from outside your organization? Or do they fear a careless employee will leave a laptop in an unlocked car or use an unsecured personal mobile device to access proprietary company information? Employee-related security risks are the top concern for security professionals, our new study, Managing Insider Risk Through Training & Culture, found. The Ponemon Institute polled more than 600 information security professionals at companies that have a data protection and privacy training program. The study found that while 55 percent of those surveyed have already had a malicious or negligent employee cause a security incident, few are taking adequate steps to improve security from within. Not on the same page One reason for this could be the imbalance between how the IT department perceives employee risk and how the C-suite does. While 66 percent of security professionals view employee-related risk as the biggest security threat, just 35 percent of them say their senior managers share that view. They may also feel less able to catch slip-ups versus intentional acts; security pros are far more concerned that an employee will unintentionally cause an incident than they are about workers potentially perpetrating malicious attacks. Often, companies focus their cyber security efforts on preventing, catching and remedying intentional attacks. And while they can do much to reduce the risk of employees unintentionally causing an incident, few companies are doing everything they can. Less than half (46 percent) of the surveyed companies require cyber security training for all employees, and 60 percent don’t make employees retrain after a data breach. Actionable suggestions for teachable moments The problem of employee-related security risks is not unsolvable. Companies need to take steps to create a culture of security at every level of their organizations. These steps should include: Requiring mandatory advanced-level training for all full and part-time employees and contract workers. Typically, companies that do provide training don’t require it for all employees, or they take a tiered approach that fails to provide all employees with a comprehensive understanding of the risks. Our study found just 43 percent of companies provide only one basic course for all employees. Basic courses often omit significant risks that can lead to a data breach. What’s more, retraining needs to occur on an ongoing basis, as new threats emerge in the cyber security realm. Retraining is especially important following a breach, when employees’ awareness of cyber security risks is highest. Establishing and enforcing a system of carrots and sticks. More than half (56 percent) of companies deal with an employee’s careless handling of data by having that employee meet one-on-one with a superior, and 51 percent have them meet with an IT security person. Less than half (45 percent) give formal reprimands, 19 percent demote the employee, and 16 percent cut salary, bonuses or incentives. However, sticks are only half the solution. Companies also need to incentivize employees to be cognizant of cyber security and few are doing a good job of it. In fact, 67 percent do nothing at all to encourage employees to proactively protect data. Employees should be a company’s greatest asset. With the right training and an ongoing emphasis on cyber security, every member of your corporate team can help reduce your organization’s risk of a negligence-related cyber security incident. Download the report

While technology undoubtedly has made accessing medical information much easier and faster, it also has also provided an increased potential for medical data breaches especially as health personnel begin to use unsecure mobile devices for personal and work use.  With an increase in health care employees using their own tablets and smartphones in the workplace, many healthcare companies are considering adopting a Bring Your Own Device (BYOD) policy.  However, many companies have failed to implement mobile data breach protection, breaking the HIPAA Security Rule which requires healthcare companies to perform a risk analysis of the processes by which they protect the confidentiality of electronic patient health information maintained by their organization.  Companies are required to use the information gathered from the analysis to take measures to ensure the confidentiality of patient data and to reduce risks to a reasonable level.  If companies don’t comply and there is a data security breach, they can be heavily fined by the U.S. Department of Health & Human Services. Just recently, a teaching hospital and medical practice associated with a large university was fined $1.5 million in a data breach of patient information when a laptop computer containing unencrypted data on 3,621 patients and research subjects was stolen.  Hospital and practice officials were found guilty of violating the HIPAA Security Rule by not implementing data protection and security on their mobile devices.  The loss of laptops, portable storage gadgets like thumb drives and cell phones have already cost insurance companies, drugstores, medical practices and even a government health and social services department, millions of dollars in fines. Unfortunately, this troubling trend doesn’t just affect the medical industry.  In August 2012, Coalfire (a firm that provides IT audit and risk assessment) surveyed 400 individuals across North America covering a variety of industries about their company’s mobile device security practices. The data revealed that many organizations lack policies addressing mobile cyber security threats. Download our Free Data Breach Response Guide Key statistics from the survey: 84 percent use the same smartphone for personal and work usage. 47 percent don’t have a password on their mobile phone. 51 percent said their companies cannot remotely wipe data from mobile devices if they are lost or stolen. 49 percent said their IT departments have not discussed mobile/cyber security with them. Clearly, companies are not doing enough to protect themselves and their employees from the expensive cost of a data breach.  As mobile devices become popular and less expensive, workers will naturally want to use them for their jobs.  Therefore, it is prudent for companies to adopt business data breach protection and security policies to protect not only their company data but also their pocketbook.

Within the world of cyber security, a great deal of attention has been focused lately on the escalating hazards and frequency of data breaches, with considerable discussion on the high cost of such breaches.  But as the industry has assessed the financial toll of breaches, it has never taken into account how data breaches harm reputations, brand image, and consequently a company's bottom line. Until now. A recently released Ponemon Institute study, sponsored by Experian’s Data Breach Resolution and believed to be the first of its kind, explores the “Reputation Impact of a Data Breach” to provide more context for the full scope of data breaches.  The findings draw enlightening conclusions around the financial toll that data breaches wreak upon harmed corporate reputations, including these key takeaways: Reputation is one of an organization’s most important and valuable assets. Reputation and brand image are perceived as very valuable…and highly vulnerable to negative events, including a data breach. Calculating the value of reputation and brand reveals how valuable these assets are to an organization. The average value of brand and reputation for the study’s participating organizations was determined to be approximately $1.5 billion.  Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $330 million. Depending upon the type of breach, the value of brand and reputation could decline as much as 17 percent to 31 percent. Not all data breaches are equal. Some breaches are more devastating than others to an organization’s reputation and brand image, with the loss or theft of customer information ranked as the most devastating (followed by confidential financial business information and confidential non-financial business information). Data breaches occur in most organizations represented in this study and have at least a moderate or a significant impact on reputation and brand image. According to 82 percent of respondents, their organizations had a data breach involving sensitive or confidential information.  Fifty-three percent say the data breaches had a moderate impact on reputation and brand image and 23 percent say it was significant. Most organizations in the study have had a data breach involving the theft of sensitive or confidential business information. On average these types of breaches have occurred 2.9 times in surveyed organizations, with the theft or loss of confidential financial information having the most significant impact on reputation and brand. Respondents strongly believe in understanding the root cause of the breach and protecting victims from identity theft. When asked what their organizations did following a breach to preserve or restore brand and reputation, the top three steps are: conduct investigations and forensics, work closely with law enforcement and protect those affected from potential harms such as identity theft. The Ponemon study clearly shows that when data breaches occur, the collateral damage of a company’s brand and reputation become significant hard costs that must be factored into the total financial loss. Download the Ponemon Reputation Impact Study