The threats posed by cyber attacks and identity theft continue to grow as cyber criminals always seem to be on offense while consumers and insurers are on defense.
A study recently released by Javelin Strategy and Research found that cyber criminals stole more than $16 billion from over 15 million U.S. consumers last year.
A new risk assessment tool, the Identity Threat Assessment and Prediction (ITAP) model developed by the University of Texas at Austin Center for Identity, provides unique insights based on research into the behaviors and methods of identity threats, and aggregates the information to help risk managers assess dangers and vulnerabilities. The information in the ITAP database is collected from news stories and other sources, and the repository currently holds data from more than 5,000 incidents that occurred between 2000 and 2016. Researchers apply a number of analytical tools to this information in order to compare threats, and identify trends and losses.
As a result of their examination of the information, researchers have identified six key takeaways, as well as other data that help to paint a broader picture of the impact of identity theft on consumers and businesses. Here is a look at some of their findings.
1. People make mistakes
The researchers found that human error is a major driver when it comes to identity theft and that hackers frequently exploit vulnerabilities created by mistakes people make. However, approximately 17 percent of the incidents where personally identifiable information (PII) was compromised were termed “non-malicious” or not instigated by hackers, but by individuals without malicious intent.
2. Impact is usually local
Despite the activities of hackers around the globe, the impact of identity theft where PII was compromised seems to be more localized to specific cities, counties, states and regions. The study found that over 99 percent of the cases were limited to either a local geographic area or a particular type of victim. Only 0.36 percent of the theft incidents actually involved the entire country like the Target or Home Depot breaches.
The states with the greatest number of cases of compromised PII were California, Texas, Florida, New York, Georgia, and Illinois according to the ITAP model.
3. The cost is not always monetary
While there are very real financial costs associated with any type of data breach or loss of PII, a larger number of individuals who become victims suffered from emotional stress than those who had actual monetary losses. The University of Texas at Austin researchers found that the “emotional impact is consistently higher than other types of loss.”
The ITAP model identified four different types of loss and the percentages of loss experienced by victims: Emotional distress (72 percent); financial (57 percent); property (56 percent) and reputation (41 percent).
Annual income of the victims doesn’t really seem to come into play either, although 73 percent of adults had their PII compromised as compared to 8 percent of teenagers and 21 percent of seniors.
4. Insiders pose a serious threat
While unknown hackers or foreign countries perpetrate the majority of attacks (62 percent), the researchers found that one-third (34 percent) of the incidents involving compromised PII originated from company employees or family members of affected individuals.
Perpetrators utilize a number of resources to steal the information including computers, databases, computer networks, malware and stolen credit cards. ITAP also differentiates between the various perpetrators involved in identity crimes. Hackers tend to exploit digital or computer-based vulnerabilities, while fraudsters are usually involved in exploiting the information which has been stolen by the actual thieves.
5. Cybersecurity isn’t always the cause
More than 50 percent of the incidents involving identity theft, fraud or abuse identified by the ITAP did not originate from vulnerabilities that were exploited.
Financial losses were associated with particular attributes as part of the ITAP analysis. These were the top five identified: Magnetic stripe ($28.9 million); ATM pin ($24.2 million); fake identification card information ($15.1 million); financial information ($13.7 million) and age ($11.9 million).
6. Identity crime affects all industries
Hackers are indiscriminate when it comes to choosing victims. The ITAP analysis found that a wide range of public and private sectors are impacted with the top five sectors identified as: consumer/citizen; healthcare and public health; government facilities, education and financial services.
The research effort was support by several organizations that focus on cyber protection: LifeLock, TransUnion, Safran, LexisNexis, HID, Generali Global Assistance, and Applied Fundamentals Consulting.