The massive data breach recently suffered by Target is a prime example of the consequences organizations face when confidential information is either lost or stolen. Not only did it impact sales during the crucial holiday shopping period, but it also shook the confidence of many of the retailer’s loyal customers. The retail giant could also take a substantial financial hit. According to USA Today, multiple class-action lawsuits have already been filed against Target as a result of the breach and attorney generals in at least four states have asked the company for more information about the incident.
Of course, the theft of debit and credit card information from Target was just one of numerous data breaches that occurred last year. When it comes to 2014, however, the outlook for the impact and scope of data breaches appears to be mixed, according to a whitepaper published last month by Experian Data Breach Resolution. “In terms of this study, we felt we were in a good position to go ahead and provide some commentary on 2014 because we had another record year for number of incidents that we actually serviced,” said Michael Bruemmer, the company’s vice president.
Here are six data breach trends that Bruemmer and his team at Experian expect to see in 2014:
1. Data breach costs to decline.
Bruemmer said he believes that the costs of data breaches will continue to go down this year due to what he calls the three “I’s”: Increased awareness, increased preparedness and the influence of market demand.
“Recently we saw a study that was done by Dell SecureWorks where they found that in 2012, the cost of a full identity went down from about $40 to about $28,” he explained. “On the black market, people that are able to buy and sell identities just aren’t getting as much money as they were a year ago.”
2. Will the combination of the cloud and big data result in more international data breaches?
Because of the expansiveness of big data around the world and more international operations by U.S. companies, Bruemmer believes that the industry will see an increase in international incidents.
“At the same time, you’re also going to have the new regulations that the EU is working on… and there are two features that we’re watching very closely,” he said. “What’s going to be the time for notification and is it going to be as short as five days as is what is being proposed to the data protection authority and to affected parties, and then also the impact if you get fined for not meeting those guidelines. The talk that it may be a fine of up to two to five percent of worldwide revenue for an international company, which is very significant, will get people’s attention.”
3. Potential floodgates open to healthcare breaches.
Given the amount of media coverage about the lack of safeguards surrounding the new online healthcare exchange that was created late last year as a result of the implementation of the Affordable Care Act, Bruemmer believes that this is an area that people should pay close attention to in 2014. One of the problems, according to Bruemmer, is the sheer number of people that will be putting their personal information into the website.
“There have been reports that the data is not as secure as what people had hoped and these are reports even from the Center for Medicare and Medicaid Services,” he added.
Bruemmer said that between 45 and 50 percent of all incidents they service at Experian occur within the healthcare sector.
“The best advice that we give everybody is to have an incident response plan in place because it’s really not a question of if you’re going to have a data breach, but when will it occur,” he said. “Where we’ve seen clients have an incident response plan in place or as required by HIPAA and HITECH… we’ve seen organizations are much better prepared to react to that incident and respond accordingly.”
4. Surge in adoption of cyber insurance.