Identity theft is not only a top concern for consumers, it’s a major issue for corporations that handle customer information. Experian Data Breach Resolution commissioned the Ponemon Institute to do a survey of organizations that transfer customer information to third-party vendors in an effort to find out how the information is compromised.
Two-thirds of IT employees surveyed said that data breaches in the companies they worked for had resulted in losing customer data or having it stolen. Types of information lost or stolen at the corporate level included:
- Customer emails – 70%
- Credit card or bank payment information – 45%
- Social Security numbers – 33%
In cases where the companies were able to determine the source of the breach, the following were to blame:
- Negligence of a company insider – 34%
- Outsourcing data to an unreliable third party – 19%
- A malicious company insider – 16%
Responding to data breaches
When it came to responding to a data breach, only half of IT employees surveyed thought their company had made the best possible effort to safeguard their customers’ personal information. But the response was limited. Only a third of those surveyed said their company offered credit-monitoring services to customers whose data had been compromised, and nearly three-quarters of them said their company offered no identity theft protection products or services, such as fraud resolution or alerts.
Keeping information secure
The study provides these recommendations to companies who deal with sensitive customer data and wish to improve their security measures in order to prevent data breaches:
- Educate – Employee training and awareness is paramount in order for companies to effectively implement and enforce security measures.
- Support – Companies must allocate funds as well as time to improving their security policies; an increased security budget will help keep customer information safe.
- Hire – To reduce the negative effects of a security breach, companies must hire legal counsel to assess damage and employ forensic experts.
- Learn – Lessons include limiting the amount of personal information companies collect, limit sharing with third party organizations and limit storage of data.
The study asked 748 employees in the IT departments of different companies about their experience with data breaches. Respondents had an average of ten years or more of IT experience and 735 of them reported to the CIO of their companies.