Identity theft is still a national and international challenge for consumers and criminals alike. Companies are in a race to catch up with criminals and the legal system is far behind.
According to the 2019 Identity Fraud Study from Javelin Strategy & Research, the number of consumers who were victims of identity fraud fell to 14.4 million in 2018, down from a record high of 16.7 million in 2017. However, identity fraud victims in 2018 bore a heavier financial burden: 3.3 million people were responsible for some of the liability of the fraud committed against them, nearly three times as many as in 2016.
Consumers are also finding out that their out-of-pocket costs to recover losses and pursue the legal processes needed are going up. Criminals are also a step ahead of fraud detection mechanisms implemented by many companies. The shift to embedded chip cards is helping to contain existing card fraud, which showed the steepest decline of any fraud type in 2018, with losses at $14.7 billion in 2018, down from $16.8 billion in 2017.
As businesses increasingly depend on computer networks on a daily basis to manage every aspect of their business, online data transfers and storage is growing and the risk of hacking is growing as well. Therefore, interest in cyber insurance and cyber risk continues to grow as a result of high-profile data breaches and awareness of the almost endless range of exposures businesses face. In 2019 the worst data breaches were the Capital One Financial Corp. breach in July that exposed 100 million records and the October Adobe Creative Cloud breach that exposed 7 million users. In 2017 the largest U.S. credit bureau, Equifax Inc., suffered a breach that exposed the personal data of 145 million people, including Social Security numbers. It was among the worst breaches on record because of the amount of sensitive information stolen. In 2019, ransomware attacks—a type of malware that denies access to an organization’s system—more than doubled from 2018. On average, in 2019 an organization fell victim to ransomware every 14 seconds. Also troubling is that while more organizations purchase insurance to protect against the risk, ransom demands grow larger as attackers realize that the company can meet these demands.
In the first half of 2020, the ITRC tracked 540 breaches that impacted 164 million people. The number of breaches was below the first half of 2019 when there were 811 breaches, but fewer people—493 million—were impacted. External threats totaled 404 in the first half of 2020, compared with 588 in the first half of 2019 while threats that were internal, and were from employees totaled 83, compared with 126 in the first half of 2019. There were 53 threats from third-party contractors, compared to 89 in the first half of 2019. According to the Identity Theft Resource Center, the COVID-19 pandemic and the resulting increase in people working from home may be a factor in the decrease in breaches as employees have less access to Personal Identifiable Information (PII) and employers are especially vigilant against identity theft. People are still vulnerable because criminals are using the billions of PIIs stolen over the past five years to commit various acts of fraud.
This is all to say that despite the fact that many companies are investing heavily in cyber security, the hacks keep going up and the risk is much higher than ever before. Cyber insurance evolved as a product in the United States in the mid-to-late-1990s as insurers have had to expand coverage for a risk that is rapidly shifting in scope and nature.
Businesses are increasingly more concerned about cyber incidents. Yet, most businesses do not currently have cyber insurance. Some businesses do not even know whether their insurance facilitates cyber insurance coverage or not. Others just minimize the risk and think they have no vulnerability simply because they conduct their business physically. But even the off-line businesses are at risk, they use email and manage their customers in a database or take credit card payments … etc. All these simple business transactions represent a huge cyber vulnerability that makes the business liable for any breach of data.
Here are some numbers from the Insurance Institute that show the growing ID theft risk and complaints: