A guide to preventing data breaches

Cybercriminals are constantly looking for data to steal. Without adequate protection, a business’ customer data, financial information, and intellectual property could be at risk.

In 2022 alone, more than 422 million Americans[1] and 83% of global businesses[2] fell victim to data breaches. For cybercriminals seeking customer payment data, financial services companies and insurance firms are often the prime targets.[3]

This is far from a minor irritant or inconvenience. According to a report from IBM Security, the average cost of a breach in 2023 was $4.45 million – an all-time high, covering ransomware payments, lost revenue, legal fees, audit costs and more.[4] And it’s getting worse – between 2022 and 2023, the cost per breach for businesses with fewer than 5,000 employees increased by a huge 20%.[4]

Understandably, breaches are a major turn-off for consumers: a data privacy platform found that 80% of consumers will disassociate from a brand after a breach.[5] As well as losing customer trust, businesses may also face higher borrowing costs, and some could have to raise their prices.

But help is at hand – here are a few tips on how to prevent data breaches, so businesses are better equipped to prevent data theft.

Understanding the data breach landscape

  • Ransomware. This is one of the most common data breach methods, where hackers steal or lock private data and demand a ransom.
  • Malware. Malware is any kind of software designed to harm, disrupt or gain unauthorized access to a system, which can give hackers access to sensitive customer data.
  • Social engineering. Phishing, for example, relies on tricking employees into clicking a link in a fraudulent email or downloading malware. A cybersecurity firm found that 25% of employees have noticed an increase in phishing attempts since the onset of the pandemic, and an estimated 50% of data breaches use phishing as their way in.[6]
  • Network and software vulnerabilities. Hackers may exploit weaknesses anywhere in a company’s tech stack. Apps, public websites, servers, software, and hardware may all be penetrated to reveal customer names, social security numbers, and credit card numbers. POS systems, databases, payment gateways and other third-party software with weak security may also put retailers at risk, and employees’ personal devices could give hackers another route to customer data.
  • Compromised credentials. Hackers sometimes impersonate employees to gain access to business accounts. Statista data shows that poor password hygiene was one of the top causes of various types of data breaches in 2022.[7]

Building a strong security foundation

Robust security infrastructure could help to prevent hackers from accessing sensitive data, help organizations understand and detect threats, and – should the worst happen – provide strong audit trails. Businesses with comprehensive cybersecurity policies and processes and fast detection tools will find it easier to recover quickly from a data breach.

Firewalls may be the first line of defense. They can prevent some malicious actors from gaining access to a sensitive data environment. Keeping software up to date, working with reputable third parties, and using intrusion detection systems could also help to make a business more resilient to theft.

Employee training and awareness

The three most common employee mistakes leading to a cyber incident in 2022 were poor password hygiene, misuse of personal email, and oversharing on social media, according to Statista.[7] Keeping employees informed may help prevent breaches, particularly by prompting teams to update passwords regularly and to be vigilant against phishing attempts.

Secure data handling and storage

Norton cybersecurity claims that a single credit card number can be sold for up to $110 on the dark web.[3] Secure payment processing methods could protect customer card data during transactions, reduce identity fraud – and keep customers out of this marketplace.

In 2023, cybercriminals accessed four years’ worth of customer purchase data stored by a retailer.[8] Breaches of this scale highlight the importance of a data handling and storage policy; data is safest when encrypted, tokenized, and erased after a specific time period to reduce risk, as IBM shows.[4]
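The tokenize-and-erase policy described above, as an added example that is not part of the original article or PayPal’s own code. It assumes a hypothetical vault class (`CardVault`) that holds the only copy of a card number and hands merchant systems a random token plus a masked form, and a constructed 90-day retention window after which stored numbers are purged. Encryption of the vault’s storage at rest is assumed to be handled by the storage layer and is not modelled here.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed retention policy: purge stored card data after this many seconds.
# This is an assumption chosen for illustration, not a PCI DSS figure.
RETENTION_SECONDS = 90 * 24 * 3600


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used only to reject obviously malformed card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class VaultEntry:
    pan: str           # primary account number; lives only inside the vault
    created_at: float  # Unix timestamp, drives the retention purge


class CardVault:
    """Hypothetical tokenization vault (constructed for this example).

    Merchant systems keep only the token and a masked form of the number;
    the full PAN is held here, in a separately secured store. Encryption of
    that store at rest is assumed to be provided by the storage layer.
    """

    def __init__(self, retention_seconds: int = RETENTION_SECONDS):
        self._store: Dict[str, VaultEntry] = {}
        self.retention = retention_seconds

    def tokenize(self, pan: str, now: Optional[float] = None) -> Tuple[str, str]:
        """Exchange a PAN for an unguessable token plus a masked display form."""
        now = time.time() if now is None else now
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a plausible card number")
        # Random, not derived from the PAN: a leaked token reveals nothing.
        token = "tok_" + secrets.token_urlsafe(24)
        self._store[token] = VaultEntry(digits, now)
        return token, "*" * (len(digits) - 4) + digits[-4:]

    def detokenize(self, token: str) -> str:
        """Resolve a token back to the PAN; only payment processing should call this."""
        entry = self._store.get(token)
        if entry is None:
            raise KeyError("unknown or expired token")
        return entry.pan

    def purge_expired(self, now: Optional[float] = None) -> int:
        """Erase card data older than the retention window; returns the count removed."""
        now = time.time() if now is None else now
        expired = [t for t, e in self._store.items() if now - e.created_at > self.retention]
        for t in expired:
            del self._store[t]
        return len(expired)


if __name__ == "__main__":
    vault = CardVault(retention_seconds=60)
    # "4111 1111 1111 1111" is a well-known test number, not a real card.
    token, masked = vault.tokenize("4111 1111 1111 1111", now=0)
    print("merchant stores:", token, masked)
    print("purged after retention window:", vault.purge_expired(now=120))
```

The point of the split is that a breach of the merchant’s order database yields only tokens and masked numbers, and a scheduled `purge_expired` run bounds how many years of card data the vault can ever expose.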

Access control and authentication

Harvard reports that over 80% of data breach methods require an external actor.[2]

Effective access controls include two-factor authentication, audit trails, and role-based permissions. A recent study states that nearly two-thirds of financial services businesses have more than 1,000 sensitive files accessible to all staff, with retailers facing similar risks through third-party POS systems and sales apps.[10]
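The three controls named above combined in one check, as an added example that is not part of the original article or PayPal’s own code. It assumes a constructed role-to-permission table (`ROLE_PERMISSIONS`), a hypothetical set of resources that additionally require a completed second factor (`MFA_REQUIRED`), and an in-memory audit trail; `overexposed_resources` flags the “accessible to all staff” situation the study describes by finding resources every role can reach.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Constructed role -> (resource, action) grants. Anything not listed is denied.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "cashier": {("pos:transaction", "create"), ("pos:transaction", "read"),
                ("customer:pii", "read")},
    "store_manager": {("pos:transaction", "create"), ("pos:transaction", "read"),
                      ("reports:sales", "read"), ("customer:pii", "read")},
    "finance": {("reports:sales", "read"), ("finance:ledger", "read"),
                ("finance:ledger", "write"), ("customer:pii", "read")},
}

# Hypothetical list of resources where a role grant alone is not enough:
# the session must also have completed a second authentication factor.
MFA_REQUIRED: Set[str] = {"finance:ledger", "customer:pii"}


@dataclass
class User:
    name: str
    roles: Set[str]
    mfa_verified: bool = False


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AuditTrail:
    """Append-only record of every access decision, allowed or denied."""
    entries: List[dict] = field(default_factory=list)

    def record(self, user: User, resource: str, action: str, decision: Decision) -> None:
        self.entries.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "user": user.name,
            "resource": resource,
            "action": action,
            "allowed": decision.allowed,
            "reason": decision.reason,
        })


def check_access(user: User, resource: str, action: str, audit: AuditTrail) -> Decision:
    """Default-deny check: union the user's role grants, then apply the MFA rule."""
    granted: Set[Tuple[str, str]] = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    if (resource, action) not in granted:
        decision = Decision(False, "no role grants this permission")
    elif resource in MFA_REQUIRED and not user.mfa_verified:
        decision = Decision(False, "second factor required for this resource")
    else:
        decision = Decision(True, "granted via role membership")
    audit.record(user, resource, action, decision)  # denials are logged too
    return decision


def overexposed_resources(role_permissions: Dict[str, Set[Tuple[str, str]]]) -> Set[str]:
    """Resources that every defined role can reach: candidates for tightening."""
    per_role = [{res for res, _ in perms} for perms in role_permissions.values()]
    return set.intersection(*per_role) if per_role else set()


if __name__ == "__main__":
    trail = AuditTrail()
    cashier = User("ana", {"cashier"})
    print(check_access(cashier, "finance:ledger", "read", trail))
    print("reachable by every role:", overexposed_resources(ROLE_PERMISSIONS))
```

Run against the constructed table, `overexposed_resources` reports `customer:pii`, which is exactly the kind of finding that should prompt a review of who really needs that grant; recording denied attempts in the trail is what later gives investigators the “who tried what, and when” record the article calls an audit trail.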

Regular software patching and updates

Businesses could discourage hackers from exploiting vulnerabilities in outdated software by keeping digital environments up to date. Updating and patching systems is a Payment Card Industry Data Security Standard (PCI DSS) requirement – this includes browsers, firewalls, applications, software, databases, POS systems, and operating systems.

Monitoring and detection

Another PCI DSS requirement is the continuous monitoring of data environments. This includes intrusion detection, threat detection, and real-time event monitoring. According to IBM, businesses using AI and automated security solutions could detect data breaches as many as 108 days faster than businesses that don’t.[4]

Incident response plan

A well-defined incident response (IR) plan may help organizations restore data, repair damage to systems, and identify the source of a breach. IBM’s research shows organizations with an IR plan and a dedicated IR team identified breaches 54 days faster than other businesses, a faster pace that reduced the cost of a data breach by an average of $232,008.[4]

If a data breach does occur, some courses of action to take are:

  • Identify the source
  • Investigate the cause
  • Conduct an immediate clean-up
  • Analyze what the business can do to prevent another breach
  • Actively communicate with customers to restore confidence

Vendor and third-party risk management

When a vendor or service provider is hacked, the businesses it works with are also at risk. Third-party risk data reveals that retailers of all sizes could be vulnerable.[8]

To prevent this, businesses could set clear expectations for how data will be stored and managed, continually monitor the activity of third parties, and choose vendors that independently verify and test their security environments.

Compliance and regulations

Complying with industry regulations and standards could enhance data breach prevention.

It’s best practice for any business managing customer payment data to comply with the PCI DSS. Merchants may also be subject to other laws and acts, so it’s important to research which ones apply.

Building customer trust

72% of American consumers surveyed said they would not make a repeat purchase with an online retailer that mishandles their data.[9] This wariness is understandable, given the target these businesses can offer hackers seeking payment data.

Merchants could win consumer trust by communicating clear data policies and being transparent about third-party access. Investing in data security could reassure customers that privacy and security are taken seriously.

Explore PayPal’s business solutions to discover how businesses can accept secure payments online and in person, track sales, simplify shipping, and manage risk.
