Data breaches are a real possibility for any business; with recent high-profile cases highlighting the repercussions they can have on your customers and brand. In the event of a breach, being well prepared puts you in a better position to respond rather than react. Timothy Walsh, Senior Director of Data Breach Services, explains how an effective breach response strategy can help reduce the impact of a security incident and maintain trust in your brand.
Just a few years ago, the only cybersecurity issue in the public eye was clicking a suspicious link that may trigger a virus. In today’s digital world, the global threat landscape includes sophisticated attack methods such as social engineering, ransomware, cracking and manipulating the Internet of things, all which leave organizations vulnerable to new types of risk.
It’s no longer enough to focus on trying to prevent unintentional access or exposure of proprietary systems or confidential information. As noted in our previous blog, organizations should leverage a comprehensive solution to proactively manage a data breach—and its potential outcomes— more efficiently and effectively.
If a breach occurs, timing is important, and taking a reactive approach to data breaches can be detrimental to your business. Being prepared puts you in a stronger position to protect your customers and ensure ongoing trust in your brand, not to mention helps to reduce financial losses: Global research has shown organizations that have a data breach response plan in place save an average of $340,000 USD per incident1.
Globally, the average time taken to identify a data breach is 196 days (over 6 months). Once organizations identify a breach, they must decide how to respond – the sooner you can contact and assist your customers, the better. While each incident is unique and requires a tailored response, it can be beneficial to prepare your organization’s response plan and have processes and partnerships in place to help you reduce the potential impacts to customers where necessary.
You should also consider educating your customers about managing their credit, preventing the compromise of their identity, and getting the help they need if they become a victim of fraud or identity theft. Online resources can be very helpful, in addition to having knowledgeable and credible partners who can answer queries and support customers throughout the remediation process on behalf of your organization. This could take several months, so you should assess the impact on your day-to-day operations if you choose to run this process internally.
Risk scores and credit reports
There may be a significant lag between a breach occurring and your organization becoming aware of it, then notifying customers and engaging them in a remediation program. In the early stages, a consumer’s credit score and credit report can be useful to the remediation process.
For example, TransUnion’s CreditVision® Risk Score shows different factors that affect the consumer’s score in a way that’s easy to understand. Activities such as an increase in credit inquiries or the opening of new credit accounts (tradelines) may produce a corresponding drop in the score and prompt investigations.
Credit reports provide further insight giving consumers a snapshot of their credit information across tradelines, as well as a view of their credit and payment history. They allow consumers to monitor for fraudulent activity on their file prior to having access to a credit monitoring solution. For this reason, TransUnion’s data breach protection solutions give consumers unlimited access to their credit score and credit report, both of which are updated daily.
Ongoing credit monitoring can be beneficial during the remediation stage. Consumers are alerted to key changes on their credit report (such as, new credit inquiries, new accounts being opened, delinquency or derogatory payment behaviour, etc.), empowering them to quickly identify and inquire about activities which may indicate a case of fraud or identity theft. TransUnion’s breach protection solutions also include ”monthly credit alert summary” notification—confirming that no key changes have taken place on the consumer’s credit report over the last 30 days.
Regardless of the demographic or scale of the incident, a comprehensive, flexible data breach response solution can help protect your customers and reputation, mitigate potential damages, and rebuild trust and confidence with potentially impacted consumers.
Introducing TransUnion® myTrueIdentity
TransUnion's myTrueIdentity platform allows consumers to access their credit information and offers specific features to help safeguard their identity in response to the potential compromise of information involved in a data breach.
1Unless stated otherwise, all statistics and figures in this article are from the 2018 IBM Cost of a Data Breach Study: Global Overview. by IBM Security, www.ibm.com/Security/DataBreach. Figures are listed in USD.