Boosting data-breach resilience through identity protection for staff and customers
The growing risk of insider fraud
As widely predicted, the risk posed to businesses by insider fraud is growing fast. Even before the advent of generative AI, PwC was reporting that 57% of fraud was committed by company insiders[1]. These cases include both intentional data theft and inadvertent data breaches, originating from phishing attacks, social engineering and compromised employee credentials.
Rise of AI exacerbates insider fraud risk
In early 2024, a report from Adecco Group revealed that 70% of employees were now using generative AI at work[2]. Concerningly, only 43% of C-Suite executives believe their leadership team has sufficient expertise to understand the risks and opportunities of AI. Without proper governance and safeguards, AI represents a considerable area of risk for businesses. Employees who master AI could harness the technology to commit more widespread internal fraud, while criminals using advanced AI will be able to mount increasingly difficult-to-detect attacks on companies and their employees.
While employees pose a significant potential fraud risk to businesses, they also represent the first line of defence against cyber-attacks and data breaches. Protecting your employees’ identities plays a key role in reducing data breach risk and we are increasingly working with HR teams to help them improve their employee welfare and benefit schemes to better support employees. When you consider that 82% of data breaches involve a human element such as phishing, stolen credentials, or social engineering tactics, the direct connection between employee identity theft and business vulnerabilities, cannot be ignored.
As the threat of data breaches grows, employees have a central role to play in maintaining robust cyber-defences at the companies where they work. If employees understand how to safeguard their own sensitive data, identify phishing attacks and deflect social engineering attempts, they can contribute significantly to protecting businesses against malicious hackers and data breaches.
Equip employees to protect themselves – and your business
At Experian, we are seeing organisations increasingly recognising the value of educating employees in basic security practices and fraud prevention. Helping staff to protect themselves against fraud often involves quite simple insights, such as knowing that it’s safer to use a credit card than a debit card due to the additional protections provided. Or that clicking on links in social media or using QR codes to access services is risky. There’s a great temptation to use these ‘frictionless’ methods, but such quick links are prone to tampering by hackers. Instead, people should choose slightly less frictionless but more secure options, such as accessing websites directly from web browsers.
As well as providing training, companies are enhancing their employee benefits packages with services to help people protect their own identity, data and systems. These may include real-time credit-monitoring services that tracks changes to credit reports and warns of any potential fraud or identity theft, alerts of suspicious activity on personal accounts, data and device protection systems and fraud-resolution services for affected employees. Such services like Experian Identity Plus empower employees to protect themselves and their data, as well as provide mechanisms for detecting potential breaches and resolving issues before they escalate.
An educated workforce that understands how to protect personal data is a valuable asset in protecting business data and systems. Offering credit-monitoring and identity-protection services as an additional employee benefit is relatively inexpensive for businesses – yet it can have a big impact on reinforcing cybersecurity defences, and enhancing employee well-being. Providing these services for employees also presents evidence to regulators, as well as business partners and supply chains, that you’re taking active measures to tackle fraud and prevent data breaches.
Added-value fraud-prevention services are a win-win
The drive to better protect people – both employees and customers – is growing fast in the market. Fraud-prevention and credit-monitoring services are now being offered by many businesses to their customers, as an added-value service. These services are particularly relevant to big-ticket purchases such as car purchases, where finance may be required.
By offering fraud-prevention and identity protection services as an add-on to major purchases, companies can give customers greater confidence in their transactions, build trust and engender brand loyalty. It’s also an important way for businesses to protect their own systems against fraud originating from customers – so it’s a win-win for businesses and consumers alike. The growing consumer interest in data security and credit protection also means that these add-on services could become a valuable differentiator for brands in the market.
Build security capabilities to thwart the fraudsters
With the rise of AI presenting an increased threat to companies from both inside and outside of the business, leaders need to be on top of the risks and implement appropriate measures to tighten security. Education has a key role to play in helping individuals reinforce their defences against fraudsters and AI-powered hackers. Whether those individuals are employees or customers, businesses can reap the benefits by providing fraud-prevention services to strengthen protections across the board.
How can we help?
Experian offers a range of identity-protection and credit-monitoring services that businesses can offer to their staff as employee benefits, or to customers as added-value services.
To find out more, please contact us via email or call 0844 4815 888 to talk to our team about our Employee Benefit solutions, available, including Identity Plus.
Further reading
Crisis response
This white paper presents the experiences of businesses and individuals during the 18 months up to December 2021, the subsequent response and outcomes.
Pre-breach readiness agreements: The key to cybersecurity compliance
Discover how pre-breach readiness helps businesses meet new cybersecurity regulations, reduce risk, and improve crisis response.
Why it’s essential to put your consumer response plan to the test
Why understanding the implications of a data breach and its impact on your organisation is an important first step in developing a response plan.
How to understand the true implications of a data breach for your organisation
Communicating with customers, handling queries and allocating sufficient resources. Why is it better to be proactive rather than reactive to a data breach?
Quiz: What do you know about fraud at Christmas?
Think you know why your business needs to remain vigilant against fraud this Christmas? Have a go at our identity fraud quiz.
New account opening fraud: How to protect your business
Your complete guide to account opening fraud. Learn what it is, how it can impact your business, and the ways you can prevent it.
FRAML: Your complete guide
Understand FRAML and how this holistic approach to fraud and money laundering can help your business fight financial crime.
Identity crisis: Restoring customer trust in the deepfake era
Businesses are feeling less confident about their ability to identify customers online as advancements in AI fuel opportunities for fraudsters.
UK Fraud and FinCrime Report 2024
This year's report explores the concerns, preferences and needs of today's digital consumers and their online experiences. Download now.
Five key strategies for enhancing your identity and fraud capabilities in 2022
What fraud prevention strategies can you implement, while ensuring that customer experiences are always as engaging as possible?
[1] Global Economic Crime Survey 2024 PwC
[2] Navigating the AI Revolution and the Shifting Future of Work The Adecco Group