As technology continues to permeate every aspect of our lives, data breaches have become an ever-growing threat for organisations across the UK, with regular news of high-profile brands having been targeted by cyber criminals.[i]
TransUnion’s latest research reveals the extent of the problem today – showing that individual organisations are fighting off more than 500 cyber attacks each year and spending an average of £600K annually on protection, defence and response to cyber threats.[ii]
Consequences of a data breach can be significant and long-lasting. Financial loss is just the tip of the iceberg – businesses can also suffer from diminished trust and loss of customer loyalty, leading to a decline in sales and a longer-term impact on their bottom line.
So, how can organisations prepare to protect themselves and their customers? And what does the future hold for data breach threats?
Addressing the most prevalent threats
Our report revealed that phishing – tricking users into providing sensitive information or clicking on malicious links – is seen as the most likely data breach risk in the coming years by nearly half (47%) of UK businesses.[ii]
Rather than focusing on a particular target, basic phishing casts a vast net by using tools such as emails with malicious attachments, social media messages, SMS, phone calls, and even fake websites for companies and organisations.
And, thanks to the sophistication of cyber criminals, phishing attacks can seem entirely genuine. For example, a phishing attack on a financial institution could lead to consumers receiving fraudulent emails which have all the hallmarks of being an authentic brand communication. It means that businesses and employees need to be alert to the techniques cyber criminals might use, and continually on the lookout for anything that doesn’t seem right.
Another key concern for businesses in all sectors is the rise of hybrid and remote working. With more employees working from home, there is a lower level of oversight on security which can make it easier for cyber criminals to exploit vulnerabilities. This lack of physical security and on-site expertise, coupled with the rise of remote access to company networks and data, makes companies more susceptible to cyber attacks when they move towards a hybrid or remote workforce.
Linked to the rise of hybrid working, our increased reliance on cloud-based infrastructure to collaborate and communicate was named as a top future risk by 35% of IT professionals.[ii] While cloud computing of course has many benefits, such as increased flexibility, improved scalability and cost-effectiveness, the centralised nature of cloud systems makes them a prime target for cyber criminals looking to gain access to sensitive information.
IoT (Internet of Things) devices and networking were also cited as a concern over the next five years by a third (33%) of IT professionals.[ii] These devices, such as smart sensors, vehicles and industrial equipment, are becoming increasingly prevalent not only in homes but also in offices.
Worryingly, some of them may lack proper security measures, making them easy targets for hackers. The same devices can also be used to launch attacks on other parts of an organisation's network – resulting in the compromise of sensitive information and the disruption of essential business operations.
The potential for human error
It’s also worth noting that human error is likely to continue to be a major factor in multiple types of data breaches.[iii] A simple mistake, such as an employee inadvertently sharing sensitive information, can have serious consequences for a company and its customers.
To help mitigate risks, businesses of all sizes should focus on employee education and awareness. Providing regular training on security best practices and simulated phishing exercises can help employees to identify and resist social engineering attacks, such as those that lure them into clicking on malicious "forgot password" buttons on websites when logging in.
Creating and maintaining a culture of security within an organisation can also help to ensure that employees understand the importance of security and are motivated to take the necessary steps to protect sensitive information. It’s important that staff at all levels – and from all departments – understand the possible consequences of data breaches.
Protecting against data breaches
Of course, it's impossible to predict everything that the future holds for data breach threats. However, by understanding the potential risks and taking steps to protect against them, businesses can minimise the impact of a data breach and retain the trust of their customers.
Central to responding to potential threats is having a robust incident response plan in place – which addresses the potential for human error as well as technological factors. This plan should include procedures for identifying and responding to security breaches, as well as measures for notifying customers and protecting their personal data.
Regular security audits and risk assessments are essential in helping to identify and mitigate potential security vulnerabilities before they are exploited. Additionally, offering consumers tools like TransUnion’s TrueIdentity to get their credit information, alerts and dark web monitoring can empower them to spot potentially fraudulent activity and safeguard their identity in the event of a data breach.
Finally, it’s crucial for businesses to consider the reputational impact of a data breach – which can significantly damage trust amongst a customer base. But, by taking proactive measures to secure sensitive information and being transparent about the steps taken in the event of a breach, companies can maintain the trust and confidence of their valued customers.
[i] 10 of the Biggest Data Breaches of 2022, January 2023, Danet Technology
[ii] Based on research conducted on behalf of TransUnion, between 27 October and 2 November 2022, among a sample of 500 IT professionals working in UK businesses across a range of sectors including banking/finance, information, insurance, law, retail, construction, manufacturing and more
[iii] Human Error is Responsible for 82% of Data Breaches, July 2022, GRC eLearning Blog