News, insights and resources for data protection, privacy and cyber security leaders

Why Identity Protection Is Needed Before You Are a Victim

According to a Holiday Survey conducted by Generali Global Assistance, three in four holiday shoppers are concerned about their financial or personal information being compromised due to a data breach this season. This is unsurprising as 2017 is shaping up to be another “Year of the Data Breach” with the number of data records stolen crossing two billion in October, surpassing the 1.9 billion in 2016. With this rising fear, 58 percent of consumers plan to purchase identity protection services in the next two years.

Yet others are adopting a wait and see attitude towards identity protection services. One reason could be the fact that if consumers are victims of a massive data breach, they will usually be offered free identity protection services by the affected company. So, the common thinking would be that you need it only when you are a victim. Is this putting yourself at unnecessary risk?

 

Identity protection needed before you are a victim?

We spoke to Paige Schaffer, President & COO at Generali Global Assistance’s Identity and Digital Protection Services Global Unit, who offers her opinion on this:

“It is critical for consumers to proactively have their own comprehensive identity protection service in place before the inevitable happens. In a lot of breaches we see – and Equifax was a really good example of this – the breach is not disclosed to the public until weeks, or even months, after the actual breach of data took place. This is also when notifications go out to victims and when free identity protection services are offered to them. During this time, however, hackers are able to sell the compromised information on the dark web (black market) and/or commit acts of fraud with it. Identity thieves are well aware of this window of opportunity, and they likely take advantage of that lag in time regularly. Needless to say, by the time a breach victim has activated the free identity protection service that is being offered to them, the hackers could have already done damage.

“Along the same lines, when a breached company offers complimentary identity protection services to victims, they are typically only available at no cost for a specific amount of time (usually one year post-breach). This timeframe is well publicized, which means that hackers are also well aware of when these victims will no longer have protection. Identity thieves are far from impatient so to wait a year, or even two, to utilize that specific compromised data is a no-brainer for them.

“Lastly, almost all free, post-breach identity protection services are purely monitoring-based. Much of the time, these services are essentially just credit monitoring, which means the user would be alerted if there is a new credit inquiry, a change in their credit profile, etc. But what happens if they find out there’s a new loan in their name showing up on their credit report? That would unfortunately be up to the breach victim to resolve on their own. Resolving identity fraud is the scary, frustrating, time-consuming piece – and that’s what all of these free identity protection services are missing.

“The fact remains that these free services are far from adequate, which is why having a comprehensive identity protection plan in place to begin with is most optimal for consumers. At this point, we all should assume our information is already out there and that it’s only a matter of time until some sort of incident occurs impacting our identities. For consumers to wait until they’re notified that their information was part of a breach is reactive rather than proactive, to say the least, and this can mean the difference between effective and ineffective identity protection.”

Sarah Meyer

Staff Writer at CPO Magazine
Sarah Meyer is a technology writer for more than 10 years. She writes on public policy issues with a focus on cybersecurity and personal data protection. Sarah has previously worked for large multinational cybersecurity companies in the areas of government relations and public policy engagement.

Leave A Reply

Your email address will not be published.

Subscribe and Get 50% Off 6-Hour Workshop Video

PIAs and the ISACA Privacy Principles: Effective Tools to Identify and Mitigate Security and Privacy Risks

Thanks for subscribing!

Pin It on Pinterest

Share This