Facts + Statistics: Identity theft and cybercrime

Facts + Statistics: Identity theft and cybercrime

The scope of identity theft

The 2017 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016, compared with $15.3 billion and 13.1 million victims a year earlier. In the past six years identity thieves have stolen over $107 billion.

Following the introduction of microchip equipped credit cards in 2015 in the United States, which make the cards difficult to counterfeit, criminals focused on new account fraud. New account fraud occurs when a thief opens a credit card or other financial account using a victim’s name and other stolen personal information.

Identity theft and fraud complaints

The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. Of the 3.1 million complaints received in 2016, 1.3 million were fraud-related, costing consumers over $744 million.  The median amount consumers paid in these cases was $450. Within the fraud category, debt collection complaints were the most reported and ranked first among all 30 types of complaints identified by the FTC.  They accounted for 28 percent of all the complaints reported to the FTC and 66 percent of all fraud complaints. In 2016 thirteen percent of all complaints were related to identity theft.  Identity theft complaints were the third most reported to the FTC and had increased by more than 47 percent from 2013 to 2015 but fell about 19 percent from 2015 to 2016.

Identity Theft And Fraud Complaints, 2013-2016 (1)

 

How Victims' Information Is Misused, 2016 (1)

(1) Percentages are based on the total number of identity theft complaints in the Federal Trade Commission’s Consumer Sentinel Network (399,225 in 2016). Percentages total to more than 100 because some victims reported experiencing more than one type of identity theft.
(2) Includes fraud involving checking, savings, and other deposit accounts and debit cards and electronic fund transfers.

Source: Federal Trade Commission.

View Archived Tables

 

Identity Theft By State, 2016

(1) Population figures are based on the 2016 U.S. Census population estimates. (2) Ranked per complaints per 100,000 population. The District of Columbia had 198.5 complaints per 100,000 population and 1,352 victims.

Source: Federal Trade Commission, Consumer Sentinel Network.

 

Top 10 Writers Of Identity Theft Insurance By Direct Premiums Written, 2016 (1)

($000)

(1) Includes stand-alone policies and the identity theft portion of package policies. Does not include premiums from companies that cannot report premiums for identity theft coverage provided as part of package policies.
(2) Direct premiums written in the U.S. and its territories, Canada and other foreign territories.

Source: NAIC data, sourced from S&P Global Market Intelligence, Insurance Information Institute.

 

Cybercrime

As businesses increasingly depend on electronic data and computer networks to conduct their daily operations, growing pools of personal and financial information are being transferred and stored online. This can leave individuals exposed to privacy violations, and financial institutions and other businesses exposed to potentially enormous liability if and when a breach in data security occurs.

Interest in cyber insurance and risk continues to grow as a result of high-profile data breaches and awareness of the almost endless range of exposure businesses face. A 2016 data leak, called the Panama Papers in the media, exposed millions of documents from the electronic files of Panamanian law firm Mossack Fonseka. In 2015, two health insurers, Anthem and Premera Blue Cross, were breached, exposing the data of 79 million and 11 million customers, respectively. The U.S. government has also been the target of hackers. Recent breaches at the Federal Deposit Insurance Corp. and the Internal Revenue Service follow multiple breaches in May 2015 of the Office of Personnel Management and the Department of the Interior where the records of 22 million current and former U.S. government employees were compromised.

Cyberattacks and breaches have grown in frequency, and losses are on the rise. Breaches hit a new record in 2016, soaring to 1,093, up from 780 on 2015, but the number of records exposed fell to about 37 million from 169 million in 2015. The majority of the data breaches in 2016 affected the business sector, with 494 breaches or 45.2 percent of the total number of breaches. Medical/healthcare organizations were affected by 377 breaches (34.5 percent of total breaches) while the education sector sustained 98 breaches (9.0 percent of all breaches) and government/military breaches totaled 72  (6.6 percent), according to the Identity Theft Resource Center.

The Center says there have been 1,339 breaches in 2017 so far (as of December 27), surpassing the 2016 record of 1,093 breaches. There were 174 million records exposed so far in 2017. The business sector accounted for 51 percent of the 2017 breaches and 91 percent of records exposed. These figures do not include the many attacks that go unreported. In addition, many attacks go undetected.

In 2014 McAfee and the Center for Strategic and International Studies (CSIS) estimated annual global losses from cybercrime fall between $375 billion and $575 billion. The costs of cybercrime are growing. An annual study of U.S. companies by the Ponemon Institute cites estimated average costs at $15 million in 2015, up 21 percent from $12.7 million in 2014. These costs ranged among the 58 organizations surveyed from a low of $1.9 million to a high of $65 million each year per company. Cyber insurance evolved as a product in the United States in the mid- to late-1990s as insurers have had to expand coverage for a risk that is rapidly shifting in scope and nature. More than 60 carriers offer stand-alone policies in a market encompassing $2.75 billion in gross written premiums in 2015. By mid-2016 gross premiums written was estimated at $3.25 billion.

 

Number Of Data Breaches And Records Exposed, 2007-2016 (1)

(1) As of January 18, 2017.

Source: Identity Theft Resource Center.

 

Cybercrime Complaints, 2012-2016 (1)

(1) Based on complaints submitted to the Internet Crime Complaint Center.

Source: Internet Crime Complaint Center.

 

Top 10 States By Number Of Cybercrime Victims, 2016

(1) Based on the total number of complaints submitted to the Internet Crime Complaint Center via its website from each state and the District of Columbia where the complainant provided state information.

Source: Internet Crime Complaint Center.

 

Top 10 Writers Of Cybersecurity Insurance By Direct Premiums Written, 2016 (1)

($000)

(1) Includes stand-alone policies and the cybersecurity portion of package policies. Does not include premiums from companies that cannot report premiums for cybersecurity coverage provided as part of package policies.
(2) Direct premiums written in the U.S. and its territories, Canada and other foreign territories.

Source: NAIC data, sourced from S&P Global Market Intelligence, Insurance Information Institute.