Experian Global News Blog

Author: Michael Bruemmer

  • Experian Releases its 12th Annual Data Breach Industry Forecast Highlighting Five Predictions for 2025

    Graphic of the front cover of the 2025 Data Breach Industry Forecast

    When it comes to cybercriminals and threat vectors, we need to expect the unexpected. Experian’s 12th annual Data Breach Industry Forecast highlights several potential trends for 2025, with AI playing a central role. This year has already seen more data breaches and impacted consumers than 2023, indicating that global data breaches are not slowing down.

    Some things to watch out for next year includes the potential for more internal fraud. As companies train employees on AI, there is a growing risk that some will misuse their knowledge for internal theft and sourcing sensitive information. Another trend may be cyberattackers targeting large data centers, with the growth of generative AI introducing power as a new attack vector. It’s reported that a single ChatGPT query uses significantly more electricity than a standard Google search, making data centers and cloud infrastructure vulnerable, especially in countries with varying security standards.

    We expect AI-related attacks to dominate the headlines next year and investments in cybersecurity will increase to tackle this emerging threat, as hackers leverage AI for phishing, password cracking, malware, and deepfakes.

    Jim Steven, Head of Crisis and Data Response Services at Experian Global Data Breach Resolution in the UK, anticipates that global data breaches will persist at their current rate next year. He notes that ransomware attacks are likely to become even more sophisticated with the integration of AI. Additionally, Steven predicts that threat actors will escalate their tactics to achieve greater rewards, and the misuse of consumer data to damage reputations will increase in 2025.

    To access the complimentary report, click here.

  • Experian 11th Annual Data Breach Industry Forecast Details Emerging Cyber Threats in 2024

    In its 11th year, Experian’s Data Breach Resolution group today released its annual Data Breach Industry Forecast for 2024. The report’s global outlook identifies potential moves cybercriminals near and far may take to penetrate organizations and cause chaos. The six predictions included offer commentary into the evolving landscape including the vulnerabilities in expansive data supply chains, what may be new targets, and the sophistication of cyber crews globally.

    A key reminder is that cybercriminals are working smarter not harder. Like many, they too are potentially leveraging modern tools like artificial intelligence. There may be sophisticated cybergangs operating like organized crime families. Also, hackers today could be backed by growing resources from nation-state sponsors. Their MO is not only stealing data to possibly sell on the dark web or deploy ransomware anymore. They can potentially reap benefits by disrupting economies or industries as we mention in our prediction, “No, not Mother Earth!” or use intellectual property as collateral or for personal gain outlined in the “Winning from the Inside” prediction, for example. There are always new ways of conducting “business” for cybercriminals.

    In the face of emerging cyber threats, organizations are urged to prioritize cybersecurity as a fundamental aspect of their operations. They should regularly update and reinforce security protocols, conduct thorough risk assessments, and invest in cutting-edge cybersecurity technologies. By staying vigilant and adopting a proactive cybersecurity stance, organizations can significantly mitigate the risks posed by the evolving tactics of cybercriminals in 2024 and beyond.

    Experian Global Data Breach Resolution offers international resources for companies impacted by a security incident and services include IdentityWorks℠ Global, multilingual call centers, and notifications covering more than 100 countries. Experian has also recently expanded capabilities to Japan, Taiwan and Thailand.

    To access the complimentary report, visit https://ex.pn/2024databreachindustryforecast.

  • The 2020 Cyber-demic and What’s To Come

    There hasn’t been many world events that have occurred during my 25+ year career that have had such an impact on cybersecurity as the pandemic. As I reflect on the approximate one year mark since we first heard about COVID-19, it’s truly been one for the record books.

    This is not relative to numbers such as the amount of data breaches that have been caused by the pandemic, but more so because of the long term ramifications. The pandemic opened up many new cyber scams and threat vectors as well as more vulnerable targets due to rapid and – at times – rushed changes organizations had to undertake in order to respond. A good cyber review of 2020 can be found here.

    Now we are at a tipping point with societal and operational changes companies and cybersecurity professionals will need to grapple with for a long time. I addressed how some of these will affect 2021 in my annual Data Breach Industry Forecast. As we forge ahead, there are two key areas I see as major security concerns with long-term impact:

    Remote working is here to stay

    There is no turning back in how, and more importantly, where we do business. What that means is a larger workforce working from home, which spurs a number of concerns and vulnerabilities from a security standpoint. Businesses now have a much broader threat landscape to protect. Not only that, but families need to tighten their security hygiene as well for their personal devices since criminals know we are spending more time at home using these tools. I predict that operationally there will be new strategies to protect systems and a rethinking of best practices in addition to a flurry of new protection software and other technologies to better protect this at-home frontier. Companies will also need to create new trainings for its employees and find better defenses for social networking attacks like spear phishing.

    Healthcare will never be the same

    That line is an understatement. Unfortunately, cybercriminals will not take pity and leave the embattled industry alone. Medical information is very lucrative and thieves will continue to take advantage of healthcare organizations’ focus on the pandemic. But they must address security, especially with advancements here to stay such as telehealth. In fact, I envision that operationally we’ll see more third party data breaches as more providers engage outside suppliers for their digital offerings. Also, with increased digital visits there could be more patients visiting smaller clinics or diagnostic testing centers for further evaluations or tests, which opens up more roads where patients’ information is flowing back and forth. Organizations will need to shore up third party security protocols and expectations to try to prevent this type of data breach.

    We are only at the beginning of this journey to overcome unexpected challenges and manage new ways of conducting business. For more commentary and updates on the cyber-demic, follow my LinkedIn monthly digest.

  • Experian is Named As a Leader in Customer Data Breach Notification and Response Services by Independent Research Firm

    There is no doubt data breaches have become a part of the Corporate and consumer consciousness.

    As data breaches have become more prevalent and companies are in need of assistance to prepare for and respond to a breach, industry analysts have taken notice of the experts in the marketplace like Experian.

    In its first report on data breach services, we are proud to have been named as a leader in The Forrester Wave™: Customer Data Breach Notification And Response Services, Q3 2015.

    The report by Forrester Research, Inc. covering the customer data breach industry independently evaluated vendors’ current offering, strategy and market presence to score the top players in the market. Each vendor was evaluated in 23 different areas, with Experian scoring the top marks possible in several categories, including response scale, call center, identity monitoring and remediation and credit monitoring and remediation.

    Although it is the first report like it in the industry, Experian has been around awhile serving clients for more than 10 years.

    There has been a lot of change since the market has matured, including the magnitude of breaches affecting now millions of people, the growth of a new industry in cyber insurance, and the vital need for consumers to have identity theft protection.

    On the topic of protection, the best type has fallen into debate, which has been a disservice to consumers in this age of data proliferation and breaches. Any time personally identifiable information (PII) has been exposed can possibly lead to identity theft and fraud so the most beneficial course of action is to enroll in identity theft protection, which includes credit monitoring.

    This provides consumers with alerts if there is a change in their credit report such as a new account opened in their name. If the individual feels it is fraudulent, they can seek assistance from a fraud resolution agent to rectify the situation and remove the account from their report.

    Over the course of a decade in business, millions of consumers have benefited from our ProtectMyID® product, and we are pleased it received a 5 out of 5 score in the report.

    However, while accolades are appreciated, our milestones speak for themselves with nearly 15,000 data breaches and more than 170,000 fraud cases handled to date. For more information on Experian Data Breach Resolution, visit Experian.com/databreach.

  • National Data Breach Study Reveals Payment System Innovation Outpaces Security

    Payments Report Cover2

    In the wake of some of the largest data breaches in history, which were specifically payment card breaches, we thought it would be insightful to take a closer look at how companies are dealing with the aftermath.

    We are proud to partner with the Ponemon Institute, a premier research think tank, to release the first industry study that closely examines payment technologies and the growing threat of data breaches.

    The study, Data Security in the Evolving Payments Ecosystem,” asked professionals to weigh in on several topics including who should be responsible for securing payment systems and how effective their organizations is in preparing for and responding to a payment card breach.

    New technologies bring consumer convenience and increased security concerns

    Executives are feeling the challenges of keeping up with the security of emerging systems. While most executives support implementation of EMV chip and PIN technology, for example, with 59 percent of survey respondents indicating it is an important part of their organization’s payment strategy, they do not feel it is the security silver bullet.

    Barely more than half of respondents (53 percent) believe EMV cards will decrease the risk of a data breach.

    However, companies are pressured to integrate new systems acknowledging consumer convenience and preferences. More than half accept that risk (53 percent) and noted that, for their company, customer convenience is more important than security.

    Reality has set in

    The recent high profile data breaches have had a profound effect on business and they now realize how devastating a breach can be on company reputation and loss of revenue.

    In fact, a majority of survey respondents (69 percent) are most concerned about loss of customer loyalty after a data breach and fraudulent charges on customers’ payment cards (55 percent). In looking inward, they also do not feel their company is effective in responding to payment card breaches (35 percent).

    On the right track

     It seems not a day goes by without the media reporting on a data breach. This has had an effect as 69 percent of survey respondents said media coverage of payment breaches over the past year caused their organizations to re-evaluate and prioritize security.

    It’s encouraging to see that this is leading to action; companies are seeing increased attention from the c-suite, with 67 percent of survey respondents saying their executives are more supportive of enhanced security measures to protect payment information. Furthermore, 45 percent of survey respondents increased their security budgets, and 41 percent hired more security staff.

    Industry collaboration is lacking

    While companies are doing more, they realize there is still even more to be done. Sixty-five percent of survey respondents said they are increasing employee training (65 percent) and improving or putting a data breach response plan in place (56 percent of survey respondents).

    Payment professionals also recognize that solving current and emerging security concerns can’t be the job of a single entity. There is consensus on the need for cooperation, with 85 percent of survey respondents agreeing that industry collaboration is critical to achieving a high level of security in the emerging payment ecosystem.

    And there is certainly room to grow, as the current level of industry collaboration is considered minimal (30 percent of respondents) to nonexistent (20 percent) by survey respondents.

    The security outlook for all those organizations involved in the payment ecosystem is mixed.  It will be challenging to constantly keep up the pace with new technologies and ward off cybercriminals 24-7, while satisfying consumers who value the benefits of emerging systems.

    The best path forward for companies is to face the issue head on and prepare for the inevitable data breach and their incident response to mitigate the fallout.

    To access the full report, Data Security in the Evolving Payments Ecosystem, visit Experian.com/databreach.

     

  • Turning Insights into Action for Successful Data Breach Preparedness

    The growing prevalence of widely publicized data breaches is sparking a change in the attitudes of business leaders and consumers when it comes to cybersecurity.

    Board members and the C-suite can no longer ignore the drastic impact a data breach has on company reputation, and consumers are demanding more communication and remedies from businesses after a data breach occurs. As a result, the topic is a high priority facing businesses and regulators in 2015.

    The Experian Data Breach Resolution group serviced more than 3,000 breaches in 2014, the most in more than a decade of handling breach resolution. While our data breach services and identity protection products assist companies after a breach has occurred, our experience and insights help companies beforehand to plan and better protect their reputations in the aftermath.

    Today, it’s not just about upgrading your security technologies. What can benefit companies the most is learning from others – both best practices and their mistakes in handling a breach. It’s the small nuances that make a big difference, such as when to communicate the breach news and what to include in the notification to affected parties. Another important step is to keep abreast on what is happening in the cybersecurity industry from the latest malware to hit or what is the best identity protection product on the market for consumers. Knowing what’s coming, including regulatory changes, can impact the development of a response plan, too. That’s one reason resources, such as our 2015 Second Annual Data Breach Industry Forecast, are valued by companies striving to stay ahead of the curve.

    The paper addresses a number of risks that companies should be aware of, such as the increasing use of the cloud, lack of employee security training and the fresh breach “surface” created via the Internet of Things. My comments and predictions are meant to be a guiding light for our clients and others to use in advocating preparedness as they lead their organizations into the New Year.

    ”Insights into Action” is a mantra we follow, as well. As we noticed payment card breaches increasing in frequency and volume, we assessed how our products might provide even more robust protection to breach victims. This led to our collaboration with BillGuard, a mobile app for payment card monitoring that is now part of our Experian’s ProtectMyID® suite of features.

    Delivering valuable information and data to empower and drive businesses is the core of what we do at Experian. Our Data Breach Industry Forecast is a great example of that, and I encourage you to take action – and download it.