Review of Findings & Front-line Insights

Panel Participants:
Richard Goldberg (Moderator) – Constangy, Brooks, Smith & Prophete, LLP
Michael Bruemmer – Experian
Sean Renshw – RSM US, LLP
Mark Greisiger – NetDiligence

About NetDiligence Cyber Claims Study

It is NetDiligence’s 13th year of doing this Cyber Claims Study. A total of 9,028 claims were analyzed during the past five years, 2018-2022. An observation from the over 9,000 cyber claims analyzed (5000 of which are brand new claims this past year in 2023) is that while many of the categories over the last five years have remained the same, the data has changed, sometimes dramatically.

About Experian

We provide call center coverage, notification coverage, identity theft protection, and all the consumer resolutions that go along with it for about 5000 data breaches every year, and I was delighted to be on the panel.

Key Insights

Experian has proudly sponsored the annual NetDiligence Cyber Claims Study for three years. During this time, I’ve witnessed companies adapt and transform their operations to confront the growing tide of cyber threats. The evolution of their infrastructure to anticipate and respond to these challenges has been remarkable and necessary. However, despite my front-row seat in this fast-changing landscape, the results of each study never fail to surprise and intrigue me. The insights from the latest study, conducted in 2023, continue to shape our understanding of the evolving cyber landscape.

Ransomware’s Dominance

Mark kicked off the discussion by shedding light on the escalating costs associated with cyber incidents. In 2022, the average incident cost for SME organizations remained stable at $169,000 (similar to the combined five-year window from 2018 to 2022 at about 175,000). However, there was a substantial increase for large companies, reaching $20.3 million in 2022 (and if you look at the five-year average, it was about 13 million). This surge raised eyebrows and set the stage for a deep dive into ransomware, a leading cause of concern.

Examining Ransomware Trends

The conversation swiftly shifted to ransomware, a pervasive threat in the cyber insurance landscape. As I stated, at Experian we see a correlation between the rise in ransomware and third-party breaches. Most of the industry experts on the panel participate in a Ransomware Advisory Group together. Mark brought up a good insight from our advisory group on the brazen tactics employed by threat actors lately, showcasing their intimate knowledge of the cyber insurance world.

Business Sectors Under Siege

Richard and Sean added to the discussion the top ten business sectors affected by ransomware, with professional services leading the pack. The impact on technology, with a payout of $830,000, stood out as well.

Beyond Ransomware

The conversation broadened to encompass other types of losses, such as social engineering and business email compromise. The focus on business interruption emerged as a key concern for cyber insurance claims, with the industry grappling with criminal acts versus non-criminal acts.

Looking Ahead

As the discussion unfolded, industry experts, including myself, expressed eagerness to anticipate the future cyber landscape. Predictions range from the industry mutating to the emergence of new players in the nation-state game. The role of artificial intelligence and innovative solutions from new vendors becomes a focal point of interest.

In conclusion, the NetDiligence Cyber Claims Study 2023 Report paints a vivid picture of the challenges and transformations within the cyber insurance domain. The increasing sophistication of threat actors, coupled with evolving business strategies, sets the stage for continuous adaptation and innovation in the fight against cyber threats.
As we look ahead, the resilience of businesses and the collaboration between industry stakeholders will play a pivotal role in shaping the cybersecurity landscape. I invite you to access the report and view the discussion replay for a deeper understanding of the challenges and transformations within the cyber insurance claims domain.

NetDiligence’s latest Cyber Claims Study and Webinar, sponsored by Experian Data Breach, is available on-demand. This report serves as a resounding call to action, prompting businesses to ready themselves against cyber threats. Dive in to get insights and stay one step ahead of cyber adversaries.
In the fast-paced world of cybersecurity, the ability to anticipate and adapt to emerging threats is not just a competitive advantage—it’s a business imperative. As we release our 11th annual “Experian 2024 Data Breach Industry Forecast,” we invite you to embark on a journey into the future of data breaches, a journey that promises to empower data breach professionals, cyber experts, and industry leaders alike.

A Glimpse into Tomorrow’s Threat Landscape

Our team of experts has meticulously examined the current cybersecurity landscape to identify the trends that will shape the industry in the coming year. The “Experian 2024 Data Breach Industry Forecast” provides a roadmap for staying ahead of these challenges, arming you with the insights needed to fortify your organization’s defenses.

Six Pivotal Predictions: Decoding the Future

Within the report, we unveil six pivotal predictions that promise to redefine the landscape of data breaches. While we can’t reveal all the details here, we’ll offer a sneak peek to whet your appetite:

Six Degrees of Separation: There’s no question that third-party data breaches this year made headlines. Delve into the intricacies of supply chain security and discover why addressing vulnerabilities in the supply chain is the next frontier in cybersecurity.

Little by Little Becomes A Lot: When trying to achieve a goal, it’s said that taking small steps can lead to big results. See how hackers could apply that same rule.

Not a Third Wheel: It’s widely known who the main players are globally that sponsor attacks, and a new country in South Asia may join the international stage.

No, not Mother Earth! Plutonium, terbium, silicon wafers — these rare earth materials present an intriguing opportunity for hackers looking to disrupt an enemy’s economy.

The Scarface Effect: Like drug cartels, cybergangs are forming sophisticated organizations.

Winning from the Inside: In 2024, we may see enterprising threat actors target more publicly traded companies, leveraging data extraction and their talents in plain sight as everyday investors.

This is just a glimpse into the dynamic and evolving landscape detailed in our full report. Download the complete “Experian 2024 Data Breach Industry Forecast” to explore these predictions in-depth and stay ahead of the curve.

Expert Analysis: Navigating Complexity with Confidence

Backed by extensive research and the expertise of our seasoned analysts, the report provides more than just predictions; it offers a deep dive into the complexities of the modern cybersecurity landscape. Our experts share their insights on how these predictions will impact organizations and individuals, providing actionable intelligence that goes beyond the theoretical. Whether you’re a CISO, a Compliance Officer, or a Cyber Risk Insurer, the “Experian 2024 Data Breach Industry Forecast” equips you to navigate the challenges of tomorrow with confidence.

Empowering You to Lead in Data Breach Response

As you read through the report, you’ll find that our approach goes beyond merely highlighting problems; we provide solutions. Each prediction is accompanied by practical recommendations and best practices, ensuring that you not only understand the evolving landscape but also possess the tools to proactively address the challenges that lie ahead. Now, more than ever, it’s crucial to be proactive in your approach to cybersecurity. Download the full “Experian 2024 Data Breach Industry Forecast” to unlock the insights and strategies that will set you apart in the realm of data breach response. Your journey into the future starts here.

The Future is Now.

Are you ready to take the first step toward a more secure tomorrow? Download the report now and lead the way in data breach response.
Managing digital identities is a necessity, responsibility and privilege. When done right, digital identity management solutions can help consumers feel recognized and safe. In turn, companies can build strong and personalized relationships with their customers while complying with regulatory requirements and combating hydra-like fraud attacks.

What is digital identity?

The concept and definition of a digital identity have expanded as everyday interactions increasingly happen in digital realms. Today, a digital identity is more than an online account. Identities can be created from, and depend on, all the digital information associated with a unique entity, which may be a person, business or device. A person's digital identity often includes online and offline attributes that fall into one of three categories:

Something a user knows, such as a username, password or PIN.
Something a user has, such as a mobile phone or security token.
Something that's part of the user, such as a fingerprint, iris, voice pattern, behavior or preferences.

People are increasingly open to sharing this type of personal information if it serves a purpose. Our Global Identity and Fraud Report found that 57 percent of consumers are willing to share data if it ensures greater security or prevents fraud, and 63 percent of consumers think sharing data is beneficial (up from 51 percent in 2021).[1]

People can also use these identifiers to verify their identity at a later point. But digital identity verification tools should rely on more than user-provided verification alone. A person may have hundreds or thousands of digital interactions every day, and these can leave digital footprints that you can use to create or expand digital identities. These types of identifiers — such as search queries, geotags, behaviors and device information — can also help you authenticate a user and offer a more customized and seamless experience.

However, when focusing on consumers' digital identities, it's important to remember that their identity is more than the sum of data points. A person's digital identity is unique and personal, and it should be managed accordingly.

The business side's challenges

A discussion of what makes up an identity can quickly turn philosophical. For instance, you can't authenticate identical twins based on a face scan or DNA test, so what is it that makes them unique? In some ways, the example gets to the heart of businesses' challenges today. To create a safe and enjoyable online identity verification experience, you need to be able to distinguish between a real person and an imitator, even when the two look nearly identical. Access to more information can make this easier, but you then need to ensure that you can keep this information secure.

It can be a tricky balance, but if you get it right, your efforts will be rewarded. People want to be recognized as they move across channels and devices, and organizations want to be able to quickly and accurately identify users with a friction-right experience that also helps prevent fraud. However, while 84 percent of businesses say recognizing customers is "very" or "extremely" important, only about 33 percent of consumers are confident that they'll be repeatedly recognized online.[1] There's a clear gap — and an opportunity to better meet customers' desires.

Organizations across industries know they need a customer recognition strategy, and 82% already have one in place.[2] Some businesses address this challenge with identity platforms that are standardized and interoperable. Standardization allows the platform to gather and store the growing influx of data that it can use as part of a digital identity strategy. Interoperability allows the platform to match different types of data, including physical data, with a person to verify their digital identity and avoid the creation of duplicate identities.
In short, the platforms can make sense of increasingly large amounts of internal and external data and easily incorporate new data sources as they become available.

Regulatory compliance and digital identity

Navigating the regulatory landscape is a significant challenge for organizations dealing with digital identities. Compliance is not only necessary for legal reasons but also critical to maintaining customer trust and safeguarding institutional reputation. Organizations must stay informed about the regulatory frameworks that affect digital identity, such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), and other pertinent laws in the jurisdictions where they operate. These regulations dictate how personal data can be collected, stored, used and shared.

Staying ahead of regulatory changes: Regulatory landscapes are dynamic, particularly concerning digital data. Organizations should engage with policymakers and participate in industry forums to stay ahead of changes. By proactively managing compliance, organizations can avoid costly penalties, operational disruptions and reputational damage.

The consumer's perspective

Some organizations are adopting a consumer-centric approach to digital identity that puts consumers' needs and desires first. These can broadly be broken into four categories:

Security: While people want a seamless and personalized experience, security and privacy are listed as top concerns year after year.[1] That might not be surprising given that data breaches continually make headlines and there are growing concerns over identity theft.

Privacy: Security is related to privacy, but privacy means more than keeping consumers' information safe from hackers. Our April 2022 Global Insight Report found that 90 percent of consumers want some or complete control over how their personal data is used.[3]

Recognition: People want to be continually recognized once they share and verify their identity, even if they move between devices or channels. And nearly 70 percent of consumers say it's important for businesses to recognize them across multiple visits.[1]

Inclusion: Consumers may have varying levels of access to technology, comfort with technology and access to physical identifiers. Creating digital identity solutions for these potential barriers can also increase financial inclusion.

While these are all areas of focus, organizations also need to find the right fit for each person and interaction. For instance, consumers may expect and even appreciate a robust verification process when they're opening a new financial account. But they could quickly be turned off by a similar process if they're making a small purchase or trying to play a new online game.

What to look for in a digital identity partner

Digital identity solutions and services have grown increasingly sophisticated to meet today's challenges. Identity hubs and data orchestration engines can connect with multiple services to help create, resolve, verify and authenticate identities. By moving away from a siloed approach, businesses can offer customers a better experience while minimizing their risk throughout the customer journey. When comparing potential partners, look for a company that:

Has a customer-first approach: If your business is customer-first, then you need a partner who has a similar view.

Uses multidimensional data: The partner should be able to offer and use offline and digital data sources to resolve, verify and authenticate digital identities. Its capabilities may become increasingly important as new data sources emerge.

Isn't afraid to innovate: Look into how the partner is testing and using the latest advancements, such as artificial intelligence, in its digital identity solutions.
Protects your brand: Understand how the partner helps detect and prevent fraud while creating a seamless experience for your customers and protecting their data.

The right partner can increase your bottom line, help you build trust and improve your brand's reputation.

Learn more about Experian Identity, an integrated approach to digital identity that builds on Experian's decades of experience managing and securing identifying information.

[1] “2022 Global Identity and Fraud Report: Building digital consumer trust amidst rising fraud activity and concerns,” Experian, June 2022. https://www.experian.com/content/dam/marketing/na/global-da/pdfs/GIDFR_2022.pdf
[2] “2021 Global Identity and Fraud Report: Protecting and enabling customer engagements in the new digital era,” Experian, April 2021. https://www.experian.co.th/wp-content/uploads/2021/04/Experian-Global-Identity-Fraud-Report-2021.pdf
[3] “Global Insights Report: April 2022,” Experian, April 2022. https://www.experian.com/blogs/global-insights/wp-content/uploads/2022/04/WaveReportApril2022.pdf

*This article includes content created by an AI language model and is intended to provide general information.
When it comes to online personal data, the majority of Americans believe it has become more and more difficult to control who has access to that information.[1] And as international data breaches continue to feed the dark web, the cost is high for consumers.

Identity theft by the numbers

At least 16 billion records have been exposed through data breaches since 2019, and 31% of data breach victims later have their identity stolen.[2] The cost of obtaining a full range of documents and account details allowing identity theft is about $1,275.[3] With a 290% increase in stolen data found on the dark web in the past three years, monitoring is a must-have for data-driven service providers.[4] Now more than ever, consumers expect businesses that collect their information to keep it secure.

A solution for your customers

Here’s the good news: Experian CyberAgent® is a proprietary, patented dark web technology that proactively detects compromised confidential data online around the world. With more than 21 billion records found, this software is designed for proactive cyber detection on an international level. CyberAgent® monitors a variety of identity elements and captures all the data being exchanged, including:

Social Security numbers
National identification numbers
Email addresses/domains and phone numbers
Medical identification numbers
Passport and driver’s license numbers
Credit/debit card information
Retail card numbers
Bank account and routing numbers
International banking numbers

Global protection

As the only internet surveillance tool that can match data on an international level, CyberAgent® breaks language barriers and detects identity theft across the globe. By monitoring thousands of websites and millions of data points, this technology enables you to notify your customers if a match to their monitored personal information is found. Alert your customers before they become a victim of identity theft and offer unrivaled protection from dark web threats.
[1] Ipsos. 2022. Most Americans say it is increasingly difficult to control who can access their online data.
[2] Selfkey. 2020. All Data Breaches in 2019 – 2022 – An Alarming Timeline.
[3] Privacy Affairs. 2020. Dark Web Price Index 2020.
[4] Experian CyberAgent® monitoring counts as of June 2022.
“As an industry, fintech is known for creating compelling and personalized online journeys. But that experience can suffer if the fraud-prevention routines are perceived as burdensome by consumers,” said Kathleen Peters, Chief Innovation Officer for Experian’s Decision Analytics business, in a recent Q&A article with Finovate.

With the proliferation of the digital world, managing digital identity and “getting it right” is crucial. However, as much as it is an opportunity, leveraging consumer identity data can also create a stumbling block for some organizations.

Peters cited Experian’s annual Global Identity and Fraud Report, specifically, the consumer concern around online security and the need for industry players to find the right balance between security and a frictionless experience.

“In short, we need the right fraud-prevention treatment for the right transaction; it is not a one-size-fits-all exercise,” Peters said.

The interview also covered the importance of knowing a customer’s identity for compliance reasons and business use cases, dispelling the myth that banks’ efforts around personalization are considered “creepy” by consumers, and the best ways for banks and fintechs to build trust among their consumers.

According to Experian’s Global Identity and Fraud Report, consumers are willing to give entities they trust more data, particularly if they feel they are receiving value. And it’s undeniable that data is at the heart of personalization and building better relationships.

“It comes down to identifying and understanding consumers and their needs. The best way to do that is with a lot of data,” Peters said.

To read the full article, visit Finovate’s website.

Finovate: Experian CIO on Digital Identity, Personalization and Building Trust with Consumer Data
As we navigate a new way of living, working, and handling the unpredictability of COVID-19 and other potential health concerns worldwide, now is not the time to ease up on data breach preparedness. I’ve said it many times before, and I’ll repeat it: every minute counts in today’s fast-breaking data breach response environment.

As pointed out in the foreword of the 8th Annual Experian® 2022 Data Breach Response Guide, “Almost everything is done and undone with a screen touch, keystroke, password, or pin.” It is a convenient reality for consumers looking to make quick, returnable digital purchases, as it is for hackers who can cause irreversible financial and reputational harm to companies and organizations.

In this world, it’s not an option to put data breach preparedness on the back burner. Every employee in your organization, from the C-suite to the call center, must stay ready. In 2021, the average cost of a data breach was $4.24 million.[1]

Industry Perspectives, Current Data, Consumer Response

New and improved for 2022-2023, our latest Data Breach Response Guide is an in-depth preparedness page-turner, complete with predictions, trends, experience-based advice from Experian experts, and real-world incident insight informed by servicing breaches over 15 years.

The Highlights

I’ve managed the roll-out of this guide for years, and I have to say, this guide is the most comprehensive and data-dense one yet. It has everything you need to learn how to prepare, plan, practice, audit, and manage your crisis response. You’ll get details on:

The Rise of Ransomware—one happened every 11 seconds in 2021[2]
What do businesses think about response plan drills?—84% agree their plans could be more effective with drills[3]
Why hackers’ top industry target is still healthcare
How Experian® Crisis Solutions helps companies recover strong, and much more

Cyberattack Preparation is Paramount

Cybersecurity and data breach preparedness is changing by the minute.
Experian is expanding its product offerings, staying on top of rising threats, and relying on our deep experience to support partners when they need us most.

Ready to learn more about how to stay ready for a data breach? Download the Experian® Data Breach Guide now. For additional preparedness insights, sign up for our free resource hub.

[1] IBM & Ponemon 2021 Cost of a Data Breach Report
[2] Cybersecurity Ventures, Cybercrime to Cost the World $10.5 Trillion Annually by 2025
[3] Experian and Ponemon. 2022. Ninth Annual Study: Is Your Company Ready for a Big Data Breach
Data breaches are becoming more common, and you need to be aware of the risks to effectively protect your business. A breach of consumer data can destroy the trust you have built with your consumers. When your company’s revenue relies on your reputation, consumer trust is your greatest asset. Below are five data breach statistics that you should know, along with some tips on how to protect your company.

1. There were 1,862 data breaches in 2021, breaking the previous record[1]

This number surpasses both 2020’s total of 1,108 and the previous record of 1,506 set in 2017. Eva Velasquez, president and CEO of the Identity Theft Resource Center, called the number of breaches “alarming” and went on further to say, “There is no reason to believe the level of data compromises will suddenly decline in 2022.” The rise in breaches underscores the urgency for organizations to ensure compliance with regulations like the California Consumer Privacy Act (CCPA) and HIPAA to properly secure data (or face hefty fines). This is made more challenging as organizations struggle to adapt to more remote work practices while trying to manage the massive amounts of data they hold. Practicing good cyber hygiene is essential to protecting your and your consumers’ personal information.

2. Ransomware attacks in the U.S. alone account for 30% of all cyberattacks last year[2]

At Experian, we’ve seen an even higher occurrence of 59% of the events serviced in 2021. These types of events have nearly doubled in the last two years, and at this rate of growth, ITRC said ransomware will surpass phishing as the top cause of data breaches in 2022. Ransomware events take, on average, over 20% more time to begin, which means more lost time and money for your organization.

3. The average ransom demand was $5.3 million, which is a 518% increase from the 2020 average of $847,000.[3]

A data breach not only costs your organization money, but also your time, resources, and reputation. Hackers are getting smarter and more sophisticated with their attacks and demands, making it harder for organizations to respond effectively. Experian’s 2019 Data Breach Consumer Survey Report revealed that if you are breached, consumers want to know about it within 24 hours.[4] If you do not have a response plan in place, a mass notification in an emergency can overwhelm your resources and damage the trust you have built with your customers.

4. 95% of cybersecurity breaches are due to human error[5]

Most data breaches can be prevented if you take the right precautions. The best way to avoid a data breach is by providing your employees with proper training, such as phishing awareness. This will help them identify any malicious emails or websites that might expose company information and reduce the likelihood of your organization being hacked. In addition to employee training and awareness programs, organizations should look to bolster their cybersecurity measures with tools like threat detection, multi-layered defense mechanisms, and routine security audits to identify vulnerabilities before bad actors do.

5. 90% of consumers are more forgiving of companies that had a response plan in place prior to the breach.[6]

If your organization does not have a response plan in place, it could be game over for your brand. A significant number of survey respondents (81%) would stop engaging with a brand online following a data breach.[7] The expectation from consumers is that a company is always responsible for protecting data. Building consumer trust is key to maintaining lasting customer relationships and managing your company’s bottom line. Should a breach occur, it’s critical for organizations to effectively manage the breach with a comprehensive incident response plan to mitigate the impact on your customers.

Unfortunately, data breaching is a problem that is here to stay. At Experian, breaches are our business.
We know ransomware breaches have more complex FAQs, letter versions, and increased call center escalations.

Learn more about our Reserved Response solution.

[1] Identity Theft Resource Center. 2021. 2021 Data Breach Report.
[2] Verizon. 2021. 2021 Data Breach Investigations Report.
[3] Palo Alto Networks. 2021. Extortion Payments Hit New Records as Ransomware Crisis Intensifies.
[4] Experian. 2019. Data Breach Consumer Survey.
[5] Cybint Solutions. 2020. 15 Alarming Cyber Security Facts and Stats.
[6] Experian. 2019. Data Breach Consumer Survey.
[7] Business Wire. 2019. 81% of Consumers Would Stop Engaging with a Brand Online After a Data Breach, Reports Ping Identity.
New Year, New Cyber Threats

This is my first blog post of 2022, and I’m afraid the news I’m here to bear isn’t ideal: cyber attack stakes are high. In 2022, hackers are literally betting on a growing market spreading online across the U.S. Before I get into our Data Breach Industry Forecast, let’s take a quick look back.

In 2021, we witnessed a sea change in digital connectivity and activity during the pandemic. As vaccines became widely available and distributed, the recovery, on all fronts, felt close. But now, as new variants continue to develop and spread, it seems like we are in a one-step-forward, two-steps-back scenario—what the Ninth Annual Experian Data Breach Industry Forecast calls the “Cyberdemic Hangover.”

As we aim for stability in 2022, companies must continue to secure weak technologies, and consumers must be vigilant in their daily digital lives. The 2022 Data Breach Industry Forecast report tells the story of what we’re facing this year better than I can, so I encourage you to download a copy. However, here’s a preview of one prediction to get you started.

Hackers Bet on New Gamblers

Again, cyber attack stakes are high. The online gambling market reached more than $70 billion globally in 2021. With more U.S. states legalizing online sports, cyber thieves will look to place scams, particularly phishing scams, on the likes of fantasy sports sites and more. The possible targets will add up over the course of the year as this market grows and alternative payments like cryptocurrency become more widely accepted.

Experian’s deep expertise in helping companies navigate more breaches over the last 18 years informs the other four predictions. To find out the other areas hackers are hoping to cash in on this year, download the predictions now.

Visit our website for Data Breach Resolution and Reserved Response™ insights.
Hackers are playing the game of data compromise, and they are winning. At this point, companies of all sizes, from all industries, know that consumers have a growing desire to take control of their data and digital privacy.

In case you missed the latest webinar and whitepaper release from Javelin Strategy & Research, it makes three things clear about consumers’ current attitudes about fraud and its impact on businesses.

1. Consumers are much more privacy-aware

In 2020, consumers turned to social media and telecommunicating platforms to work, stay in touch with friends and family networks and learn. While the broad-scale increase provided a way for global commerce and connections to continue during the worldwide pandemic, it also accelerated cybercrime. The influx of internet traffic created a ready-made environment for fraudsters to profit from consumers in a big way, primarily through scams. Scams were so profitable that they accounted for $43 billion of the $56 billion reported ID fraud losses last year.[1]

2. Consumers blame Financial Institutions for fraud. It’s the main reason they leave.

When consumers experience fraud, they blame their financial institutions, even if the loss has nothing to do with the institution or its business’s responsibility to the consumer. This attitude shows that consumers hold FIs accountable for their data protection. And when they don’t get it, they take their expectations and their business elsewhere. The data shows the proof. In 2020, 38% of consumers closed a bank account affected by fraud, with 69% saying their primary FIs did not resolve their fraud concerns or losses.[1] As the saying goes, perception is reality, and in the case of fraud, consumer thoughts have real consequences for organizations.

3. Consumers leave when breaches happen

This point is simple: consumers leave even when personally identifiable information (PII) or other data is not stolen.
Be prepared with a playbook or be ready to lose consumer trust To improve the customer experience, build trust and reduce risk, companies need a playbook — a fraud resolution and breach response playbook — a solid plan that falls under their existing business and continuity disaster recovery plan. Why? Because consumers need to know and, more importantly, trust that companies are prepared to react quickly and deliver resolution when a network intrusion occurs. According to Javelin Strategy & Research data, fraud resolution is the best way to retain customers and members. In addition, consumer perception of cybersecurity plays a significant role in consumer attrition and retention. Again, even if personal information is protected, if your organization is attacked, consumers are more likely to stop doing business with your organization, even if no data was compromised. This means cybersecurity and fraud prevention empowerment is a game-changer, driving 22% of consumers’ satisfaction ratings with online banking.2 When building your playbook, consider two core things: 1. Make sure it’s well-developed A comprehensive fraud resolution and breach response should include a solid approach to collaborate with consumers when fraud occurs. Ensuring your plan includes fraud, cyber, and marketing communications teams will help your company act swiftly and build consumer confidence. 2. Don’t just encrypt data; strengthen perimeter security. Strong perimeter security will ensure safe interactions with consumers. Even if personal information is protected, consumers will perceive a penetration of the network as a breach and will be more apt to stop doing business with your company. At Experian, preparedness is our business. We know how important fraud resolution and breach response is to your customer’s experience. Developing a solid playbook is key to that experience, building trust and reducing risk. 
To learn more, read the Giving Consumers Control and Enhancing Fraud Prevention whitepaper, watch the Empowerment and Fraud Prevention are Key webinar and find out how to protect your business with Experian’s Global Data Breach Solutions. 1 Javelin Strategy & Research. March 2021. 2 Javelin Strategy & Research. June 2021.
As today’s fastest-growing form of criminal activity, cybercrime is expected to cost organizations $6.1 trillion worldwide this year alone,[1] with attacks on enterprises now occurring every 11 seconds.[2] But despite increasingly widespread growth in corporate IT security awareness, the importance of putting a sound data breach preparation plan in place for protecting your customers’ privacy and data can’t be overstated. Given the scale of IT security threats, it bears reminding: Network compromise is now largely a matter of when, not if, for most businesses.

As a result of this shift in security and operating environments, it’s important for enterprise leaders to note the six key reasons that most data breach responses fail:

No Budget: Despite the seeming inevitability of a data breach, most companies’ average annual budget for a consumer response is exactly $0. Many companies and security teams believe they are fully prepared or won’t be targeted. But with losses due to ransomware attacks up 225% lately in the US alone,[3] it can be an expensive gamble to make.
Never Tested: Even if a company does have a data breach response plan in place, it usually hasn’t been stress-tested via live exercises and drills. Having a plan in place is a great first step, but unless you test it in a live breach simulation or exercise, you can’t be certain the plan will be successful.
Unknown Impact: It can be hard to know how much of your customer population has been impacted by the breach. Your plan needs to be flexible enough to accommodate both small and massive breaches.
No Estimate: Data breach responses also fail because there is no estimate for the scale of phone calls, emails, and complaints that may be received. To put things in perspective: A small data breach is MUCH different and easier to remedy than one involving millions of records.
Slow to Respond: By law, firms that suffer a data breach must now report the incident to government authorities within 72 hours. Failure to address increasing regulatory compliance and information sharing needs (which demand greater oversight and overhead from organizations) can come with hefty fines.
No SLAs: Companies often don’t have the necessary agreements to guarantee the infrastructure and staff to assist consumers with resolving their cases. Having a dedicated, guaranteed number of call center agents ready to go when a company experiences a data breach is invaluable.

To improve your odds of successfully defending against and responding to breaches, you’ll want to focus on strengthening four areas of operations:

Guarantee Resources: Ensure that you have dedicated security resources ready to react to threats on a dime. Your SLAs should include well-trained, certified call center agents and the infrastructure ready to go. This should include scalable and high-quality identity protection services to resolve harm to your customers.
Readiness Testing: Failing to plan (i.e. not stress-testing your recovery plan prior to incidents occurring) is like planning to fail. By rehearsing your disaster response and recovery strategies, you’ll be able to identify any points of failure and shortcomings that you can improve upon before actual concerns arise.
Regulatory Needs: Emphasize quick and accurate responses to regulator inquiries by understanding the specifics for your industry and business.
Communications: Having a corporate communications plan ready to go in real time is also key. Connect with your communications team to create a communications response plan prior to any incidents occurring so that all you largely need to tweak are specifics on the day of the event.

According to studies by IBM, companies can save $1.2 million off the cost of data breaches by having an incident response plan in place and extensively testing it before cyber threats strike. Bearing this in mind, the best defense against digital dangers is a good offense.

Experian’s Reserved Response™ was created to help organizations take a proactive approach to data breach response planning. Deploy it to put an end-to-end game plan in place and implement a step-by-step playbook that workers can follow in the event of an incident. You’ll also guarantee that your organization gains the necessary manpower, infrastructure, and response readiness needed to ensure ongoing network resilience and a speedy recovery should disaster strike.

[1] Cybersecurity Ventures, Annual Cybercrime Report 2020
[2] Cybersecurity Ventures, Cybercrime to Cost the World $10.5 Trillion Annually by 2025
[3] Cybereason, Ransomware: The True Cost to Business Study 2021
The ongoing COVID-19 pandemic has facilitated an increase in information collection among consumers and organizations, creating a prosperous climate for cybercriminals. As businesses and customers adjust to the “new normal,” hackers are homing in on their targets and finding new, more sophisticated ways to access their sensitive data.

As part of our recently launched Q&A perspective series, Michael Bruemmer, Experian’s Vice President of Data Breach Resolution and Consumer Protection, provided insight on emerging fraud schemes related to the COVID-19 vaccines and how increased use of digital home technologies could lead to an upsurge in identity theft and ransomware attacks. Check out what he had to say:

Q: How did Experian determine the top data breach trends for 2021?

MB: As part of our initiative to help organizations prevent data breaches and protect their information, we release an annual Data Breach Forecast. Prior to the launch of the report, we analyze market and consumer trends. We then come up with a list of potential predictions based off the current climate and opportunities for data breaches that may arise in the coming year. Closer to publication, we pick the top five ‘trends’ and craft our supporting rationale.

Q: When it comes to data, what is the most immediate threat to organizations today?

MB: Most data breaches that we service have a root cause in employee errors – and working remotely intensifies this issue. Often, it’s through negligence: clicking on a phishing link, reusing a common password for multiple accounts, not using two-factor authentication, etc. Organizations must continue to educate their employees to be more aware of the dangers of an internal breach and the steps they can take to prevent it.

Q: How should an organization begin to put together a comprehensive threat and response review?

MB: Organizations that excel in cybersecurity often are backed by executives that make comprehensive threat and response reviews a top corporate priority. When the rest of the organization sees higher-ups emphasizing the importance of fraud prevention, it’s easier to invest time and money in threat assessments and data breach preparedness.

Q: What fraud schemes should consumers be looking out for?

MB: The two top fraud schemes that consumers should be wary of are scams related to the COVID-19 vaccine rollout and home devices being held for ransom. Fraudsters have been leveraging social media to spread harmful false rumors and misinformation about the vaccines, their effectiveness and the distribution process. These mistruths can bring harm to supply chains and delay government response efforts. And while ransomware attacks aren’t new, they are getting smarter and easier with people working, going to school and hosting gatherings entirely on their connected devices. With control over home devices, doors, windows, and security systems, cybercriminals have the potential to hold an entire house hostage in exchange for money or information.

For more insight on how to safeguard your organization and consumers from emerging fraud threats, watch our Experian Symposium Series event on-demand and download our 2021 Data Breach Industry Forecast.

About Our Expert: Michael Bruemmer, Experian VP of Data Breach Resolution and Consumer Protection, North America

Michael manages Experian’s dedicated Data Breach Resolution and Consumer Protection group, which aims to help businesses better prepare for a data breach and mitigate associated consumer risks following breach incidents. With over 25 years in the industry, he has guided organizations of all sizes and sectors through pre-breach response planning and delivery.
Security. Convenience. Personalization. Finding the balance between these three priorities is key to creating a safe and low-friction customer experience. We surveyed more than 6,500 consumers and 650 businesses worldwide about these priorities for our 2020 Global Identity and Fraud Report: Most businesses are focusing on personalization, specifically in relation to upselling and cross-selling. This is frustrating customers who are looking for increases in both security and convenience. It’s possible to have all three.
For most businesses, building the best online experience for consumers requires a balance between security and convenience. But the challenge has always been finding a happy medium between the two – offering enough security that won’t get in the way of convenience and vice versa. In the past, it was believed that one would always come at the expense of the other. But technology and innovation are changing how businesses approach security and allowing them to maximize both.

Consumers want security AND convenience

Consumers consider security and convenience as the foundation of their online experience. Findings from our 2019 Global Identity and Fraud Report revealed approximately 74 percent of consumers ranked security as the most important part of their online experience, followed by convenience. In other words, they expect businesses to provide them with both. We see this with how consumers are typically using the same security information each time they open a new digital account – out of convenience. But if one account is compromised, the consumer becomes vulnerable to possible fraudulent activity. With today’s technology, businesses can give consumers an easier and more secure way to access their digital accounts.

Creating the optimal online experience

More security usually meant creating more passwords, answering more security questions, completing CAPTCHA tests, etc. While consumers are willing to work through these friction-inducing methods to complete a transaction or access an account, it’s not always the most convenient process. Advanced data and technology have opened doors for new authentication methods, such as physical and behavioral biometrics, digital tokenization, device intelligence and machine learning, to maximize the potential for businesses to provide the best online experience possible.

In fact, consumers have expressed greater confidence in businesses that implement these advanced security methods. Consumer confidence in passwords was only 44 percent, compared to 74 percent for physical biometrics. Consumers are willing to embrace the latest security technology because it provides the security and convenience they want from businesses. While traditional forms of security were sufficient, advanced authentication methods have proven to be more reliable forms of security that consumers trust and can improve their online experience.

The optimal online experience is a balance between security and convenience. Innovative technologies and data are helping businesses protect people’s identities and provide consumers with an improved online experience.
Risk managers, legal experts and brokers say phishing and social engineering are, by far, the biggest security threats facing their companies and clients. In fact, 80 percent of legal experts polled by Advisen for Experian Data Breach Resolution’s 2017 Cyber Risk Preparedness and Response Survey, 68 percent of brokers and 61 percent of risk managers cited phishing/social engineering as their top concern. Why do they feel that way? A look at the numbers and some insight into human nature can explain their fears — and help you understand why your organization should be just as concerned about phishing risks.

By the numbers

Phishing and social engineering are particularly effective forms of cyberattack because they use technology and knowledge of human nature to manipulate employees into actions that serve the attacker’s purpose. How effective are they?

Employees succumbing to a targeted phishing attack was one of the top two insider risks cited by executives who responded to the Ponemon report Managing Insider Risk through Training and Culture.
Sixty-one percent of information security professionals polled by Wombat Security for its 2017 State of the Phish report said their organization had been the victim of a phishing attack.
According to the Ponemon Fourth Annual Preparedness Study, 38 percent of respondents are not confident they can deal with a spear phishing incident.

The human risk factor

Phishing in general and spear phishing in particular are successful because human beings are often the chink in an organization’s cybersecurity armor. All it takes is one overly curious and under-cautious employee clicking on a suspicious email, or a well-meaning worker who responds to a seemingly authentic request for proprietary information. Those scenarios are the stuff of nightmares for information security professionals, and unfortunately they happen all too frequently. Multiple studies show that negligent employees cause more data breaches than other sources, whether they succumb to a phishing attack or lose a company laptop at the airport. However, studies also show that cybersecurity training, including a component on phishing, can help reduce employee-related risks.

Training is critical

Among organizations that train employees on how to spot and avoid phishing attacks, 52 percent reported they were able to see quantifiable results — fewer successful attacks — based on their training, Wombat said. Respondents to the Advisen survey stressed the importance of creating a company culture in which cybersecurity is everyone’s job and knowledge of phishing and how to thwart attacks is the norm.

Employee training in cybersecurity should begin as part of the onboarding process when the worker joins your organization, and everyone should get a refresher at least annually. While 67 percent of those surveyed by Ponemon said their organizations didn’t incentivize employees to proactively protect sensitive information or report potential issues, any successful culture of security should reward those who are embracing their roles as protectors — and not just punish those who fall short.
Outsourcing can be risky business. The Ponemon Institute reports that 65% of companies that outsourced work to a vendor have had a data breach involving consumer data and 64% say it has happened more than once. Their study, Securing Outsourced Consumer Data, sponsored by Experian® Data Breach Resolution, also found that the most common causes of breaches were negligence and lost or stolen devices. Despite the gravity of these errors, only 38 percent of businesses asked their vendor to fix the problems that led to the breach and, surprisingly, 56% of the companies learned about the data breach accidentally instead of through security protocols and control procedures.

These findings come from a survey of 748 people in a supervisory (or higher) job who work in vendor management at companies that share or transfer consumer data mainly for marketing, finance and outsourced IT operations including cloud services and payment processing. The survey also polled the vendors, and 57% of them reported that they, in turn, outsourced work to a third party. Of the vendors, 23% could not tell how often data loss happened, which is a sign that they don’t have proper procedures and policies in place to know when incidents occur. When asked about their data breach notification practices, only 16 percent of vendors said they immediately notified their client after the breach investigation, with 25 percent saying they don’t even tell clients about breaches of data.

Keeping all work and information in house is not feasible in today’s multi-corporate companies, and outsourcing is a business reality. However, all parties have a responsibility to protect the sensitive and confidential data that is entrusted to them. When outsourcing consumer data to vendors, here are a few guidelines companies need to follow to safeguard the information:

1. Make sure you hold vendors to the same security standards as your own in-house security policies and practices.
2. Make sure the vendor has appropriate security and controls procedures in place to monitor potential threats.
3. Audit the vendor’s security and privacy practices and make sure that, in your contract with them, the vendor is legally obligated to fix data problems should a breach occur, including notifying consumers.
4. Monitor the security and privacy practices of vendors you work with, especially if you share consumer data with them.
5. Require background checks for vendor employees who have access to confidential information.

The goal of this study was to better understand what companies are doing to protect consumer data they outsource and where improvements could be made to ensure privacy and security when sharing private information with third parties. The solution seems to be that all parties must first agree that data privacy and protection is paramount and then work toward the mutual goal of achieving responsible privacy and security practices.