Consumers’ information is often not safe in today’s cyber world. Capital One’s recent massive data breach affected about 100 million individuals in the US, and another six million in Canada, while the breach that impacted Equifax in 2017 exposed the information of about 143 million Americans, and approximately 8,000 Canadians.
And the reverberations from these events will continue to hurt consumers over the coming years.
“Some of the headline-making breaches that we've seen, like with Equifax where social security numbers are involved, victims’ identity fraud risk remains elevated, if not for several years then for life,” said Paige Schaffer (pictured), CEO of Generali Global Assistance’s identity and digital protection services global unit. “Recently it was announced that Equifax would be providing up to seven years of resolution services, and while this seems like it's a reasonable length of time, hackers will be aware of this fact. They’ll calendar it, and they don't mind hanging on until they get over that time period.”
Today’s cyber incidents are not particularly shocking to consumers as they happen so frequently, but that doesn’t mean people aren’t worried about identity fraud following a data breach.
“Our consumer research revealed that 79% of consumers rank being a victim of identity theft as one of the top things that they worry about, even more so than becoming seriously ill or injured, being in a car accident that would damage their car, or their home being robbed,” said Schaffer. “That same research found that 52% of respondents have personally been, or known someone who had been, a victim of identity theft or fraud.”
Nonetheless, many people still don't have protection against identity fraud, nor do they take the appropriate post-breach steps to minimize their risks.
“Education is critical and vital so that consumers know how to properly protect themselves,” Schaffer told Insurance Business, adding that awareness around prevention techniques and protection solutions are not where they should be. “In our 2019 global cyber barometer survey, we found that 45% of global respondents reported they wouldn't know what to do if their personal information had been compromised, and close to half of global respondents believe that companies and institutions aren't doing enough to protect their personal information.”
The company also found that 44% of consumers don't feel like they have control over what information other people can access about them online, over 30% feel very exposed to cybercrime and identity theft, and almost 30% consider themselves likely to become victims. Especially as more sensitive data is being breached, beyond just names and email address, protection solutions and proactive risk mitigation are becoming ever-more important, and brokers can pass along these useful tips to their clients.
The first step that consumers will want to take following an incident is to find out what type of information was compromised since the sensitivity and nature of the information exposed will influence how they should respond to the breach. While a credit card or password can easily be replaced or changed, social security numbers are a different story.
“A fraudster can do many bad things with a person's social security number, whereas a leak of just their name or email address is much less damaging, though there's still cause for concern. Victims will want to change their online information, their passwords, and their security questions,” said Schaffer. “Consumers should reach out to their financial institutions immediately to cancel or replace affected cards, and if their driver's licences were stolen, they need to contact their DMV. That allows them to flag licences that could be used fraudulently.”
Consumers should also consider a credit freeze, and in doing so are essentially restricting any access to their credit so thieves can't open accounts in the consumer’s name. They should likewise monitor activity on their bank statements and credit cards online, or if they get paper statements, they should actually look at them and make sure that all the charges are legitimate.
“Breach victims should also be on the lookout for phishing emails, as fraudsters have begun leveraging their own attacks and using hacked data to create highly targeted, more personalized phishing emails,” explained Schaffer. “If they have a little bit of information, it makes you feel like it must be a legitimate company since they know this stuff.”
Considering that firms will often offer minimal data protection services if they do experience a data breach, consumers should also proactively sign up for identity protection services that include full service resolution and online data protection, as well as suspicious activity alerts for both credit and identity monitoring.
“Although it's common to see free credit monitoring, it's clear that today's consumers are no longer protecting themselves from singular incidents,” said the Generali Global Assistance expert. “These companies that have breaches have some fiduciary responsibility when there's a breach to give some sort of remuneration for the breaches and typically, that is a form of some coverage, but it's really [usually] the bare minimum and that is just not enough for the different types of breaches that are going on.”
Brokers and other insurance professionals can help make their consumers aware about the range of offerings available on the marketplace today, and employ effective risk mitigation to keep their identities protected. In fact, Generali Global Assistance works with many insurance clients.
“It really mitigates [the risks for] those insurance clients because if all of their consumers or their employees are covered, then they've got less of a risk to pay out in the long-term,” explained Schaffer, though she added that simple common sense is also key to helping people stay proactive. After all, she said, “Whether this is a consumer's first time being notified that their information was part of an incident, we can say with certainty that it won't be their last.”
