The threats posed by cyber attacks and identity theft continue togrow as cyber criminals always seem to be on offense whileconsumers and insurers are on defense.

A study recently released by Javelin Strategy and Research found that cybercriminals stole more than $16 billion from over 15 million U.S.consumers last year.

A new risk assessment tool, the Identity Threat Assessment andPrediction (ITAP) model developed by the University of Texasat Austin Center for Identity, provides unique insights basedon research into the behaviors and methods of identity threats, andaggregates the information to help risk managers assess dangers andvulnerabilities. The information in the ITAP database is collectedfrom news stories and other sources, and the repository currentlyholds data from more than 5,000 incidents that occurred between2000 and 2016. Researchers apply a number of analytical tools tothis information in order to compare threats, and identify trendsand losses.

As a result of their examination of the information, researchershave identified six key takeaways, as well as other data that helpto paint a broader picture of the impact of identity theft onconsumers and businesses. Here is a look at some of theirfindings.

Related: Cyber readiness: Are your clientsprepared?  

(Photo: Shutterstock)

1. People make mistakes

The researchers found that human error is a major driver when itcomes to identity theft and that hackers frequently exploitvulnerabilities created by mistakes people make. However,approximately 17 percent of the incidents where personallyidentifiable information (PII) was compromised were termed"non-malicious" or not instigated by hackers, but by individualswithout malicious intent.

Related: Evolving cyber concerns create gaps in homeowners'coverage

(Photo: Shutterstock) 

2.  Impact isusually local

Despite the activities of hackers around the globe, the impactof identity theft where PII was compromised seems to be morelocalized to specific cities, counties, states and regions. Thestudy found that over 99 percent of the cases were limited toeither a local geographic area or a particular type of victim. Only0.36 percent of the theft incidents actually involved the entirecountry like the Target or Home Depot breaches.

The states with the greatest number of cases of compromised PIIwere California, Texas, Florida, New York, Georgia, and Illinoisaccording to the ITAP model.

Related: 5 trends and factors that continue to impactcybersecurity in 2017

(Photo: Shutterstock) 

3.  The cost is notalways monetary

While there are very real financial costs associated with anytype of data breach or loss of PII, a larger number of individualswho become victims suffered from emotional stress than those whohad actual monetary losses. The University of Texas at Austinresearchers found that the "emotional impact is consistently higherthan other types of loss."

The ITAP model identified four different types of loss and thepercentages of loss experienced by victims:  Emotionaldistress (72 percent); financial (57 percent); property (56percent) and reputation (41 percent).

Annual income of the victims doesn't really seem to come intoplay either, although 73 percent of adults had their PIIcompromised as compared to 8 percent of teenagers and 21 percent ofseniors.

Related: Not all data breaches are createdequal

(Photo: Shutterstock)

4. Insiders pose a seriousthreat

While unknown hackers or foreign countries perpetrate themajority of attacks (62 percent), the researchers found thatone-third (34 percent) of the incidents involving compromised PIIoriginated from company employees or family members of affectedindividuals.

Perpetrators utilize a number of resources to steal theinformation including computers, databases, computer networks,malware and stolen credit cards. ITAP also differentiates betweenthe various perpetrators involved in identity crimes. Hackers tendto exploit digital or computer-based vulnerabilities, whilefraudsters are usually involved in exploiting the information whichhas been stolen by the actual thieves.

Related: Accenture says one-third of corporate cyber attackssucceed

(Photo: Shutterstock) 

5. Cybersecurity isn't alwaysthe cause

More than 50 percent of the incidents involving identity theft,fraud or abuse identified by the ITAP did not originate fromvulnerabilities that were exploited.

Financial losses were associated with particular attributes aspart of the ITAP analysis. These were the top five identified:Magnetic stripe ($28.9 million); ATM pin ($24.2 million); fakeidentification card information ($15.1 million); financialinformation ($13.7 million) and age ($11.9 million).

Related: Hackers are targeting your smartdevices

(Photo: Shutterstock) 

6. Identity crime affects allindustries

Hackers are indiscriminate when it comes to choosing victims.The ITAP analysis found that a wide range of public and privatesectors are impacted with the top five sectors identified as:consumer/citizen; healthcare and public health; governmentfacilities, education and financial services.

The research effort was support by several organizations thatfocus on cyber protection: LifeLock, TransUnion, Safran,LexisNexis, HID, GeneraliGlobal Assistance, and AppliedFundamentals Consulting.

Related: Cyber crime: How architects, engineers andcontractors may be at risk