While the total number of cybersecurity breaches reported in 2016 was down by 4%, compared with the previous year, the number of records lost increased by 86%, compared with the previous year, says cybersecurity firm Gemalto data protection research and development director Joe Pindar.

About 1.378-billion records were stolen during 2016, equal to about 3.77-million a day, or 43 a second, he elaborates. The larger volumes of records lost, coupled with the fact that 68% of attacks are from “malicious outsiders” – or cybercriminals – indicate the impact of criminal networks and that they are becoming more efficient at identifying large databases to attack.

Breach prevention does not constitute an effective defence strategy. Therefore, additional defensive measures, including encryption of data in storage, will mean that breaches that do occur will more often be secure breaches, which are breaches that involve the loss of well-encrypted information and pose a minimal risk to those affected, explains Pindar.

Securing data as part of business processes and according to a well-defined strategy is the most effective cybersecurity defence, says Gemalto Africa regional sales manager Neil Cosser.

Implementing additional measures, such as transaction authentication, behavioural analysis, multiple forms of two-factor authentication and other layered security, is an effective way of improving security for users and providing a good user experience.

“Large repositories of records represent proverbial gold mines for cybercriminals, because they mine the databases of records for high value and high vulnerability targets. “Cybercriminals often sort through the databases by processing the information against other databases, such as determining the average wealth of people and companies by processing known addresses compared to the affluence of residential or commercial areas,” says Pindar.

Worryingly, more than half of the reports about breaches did not include the number of records lost. This illustrates the continuing trend of companies not prepared to be open about breaches, which heightens the risks for companies, clients and individuals whose records have been lost, as they cannot mitigate exposure and risks, says Pindar.

Best practice to protect those affected, whether customers or not, is to be candid and swift in letting them know, as well as advising on the measures they should take to mitigate risks and the actions the breached company is taking, he emphasises.

Swiftly communicating breaches might lead to a dent in a company’s reputation. However, not being honest and being caught out will lead to severe reputational harm. Best practice when dealing with breaches is to communicate effectively and provide details of the types of records lost so that those exposed can take corrective actions.

“A standout example of effective breach management is that of ABTA, in the UK, which communicated with all the affected parties and also set up a helpline where they could get information and advice, and detailed the additional measures ABTA put in place.”

Compared to other publicised breaches where companies did not voluntarily disclose or belatedly disclosed the breach, the incident passed after two days as a result of their effective response without lasting impact to the brand, he says.

A company that did not respond effectively lost a third of their clientele, as a result of damage to the brand and a loss of trust, concludes Pindar.