14 minute read
Identity Theft Insurance: Market Update
By Heather & Trevor Garbers
December is National Identity Theft Awareness and Prevention Month.
This is a valuable newer benefit in our marketplace that can be offered to protect the financial security of employees, in addition to enhancing the corporate cybersecurity of their employer. How big of a problem is identity theft today? Here are some staggering statistics from the National Council on Identity Theft Protection:
There is an identity theft case every 22 seconds
Total annual losses are currently estimated to be $102 billion
33% of Americans have faced some form of identity theft at some point in their lives nearly 3 times higher than in other countries
Consumers aged 30-39 were the most victimized
The market for identity theft protection services is expected to reach $28 billion by 2029
We’ve brought in several experts on identity theft solutions to talk about the market today including: Jason Steed (Vice President, Sales & Business Development Leader at Equifax Workforce Solutions), Shelby Gartner, (Vice President, Sales – Broker Partnerships, TransUnion), and Cord Rotondo (Vice President of Sales, Norton LifeLock Benefit Solutions).
Let’s start with, what trends are you seeing in employer-based identity theft coverage today?
Jason - Artificial Intelligence (AI) is playing a bigger and bigger role in criminals' efforts to steal identities and commit fraud. As of now, criminal AI efforts don’t really change the type of fraud, but rather the speed and sophistication of their attempts. It is becoming increasingly easier to impersonate someone’s speech and email patterns or even their voice. Scammers are becoming adept at social engineering. Criminals are beginning to build victim profiles that heighten an individual's emotions and pressure points. Finally, even for those with identity theft coverage, the lack of subscriber utilization of key features that are designed to prevent fraud is the thing that truly prevents the effectiveness of identity theft protection. Remember, reducing fraud and the subsequent stress along with improved productivity is the overall basis for offering identity theft protection as an employee benefit. The importance of employee utilization cannot be underestimated; product innovation alone is not enough.
Shelby - More and more employers are taking an active interest in educating employees on cyber risks and digital hygiene. In 2024, I believe we will start to see more emphasis on employee education and training than we have in the past. More employers are recognizing just how large the human risk element really is – even by conscientious, well-meaning employees.
As today’s cybersecurity defenses become more advanced, threat actors find it easier to breach individuals using social engineering rather than systems. The human attack surface poses significant challenges, which is why 75% of security pros named social engineering as the most dangerous threat. In fact, Verizon found that nearly 73% of all breaches in 2022 involved a human element. By making employees aware of the risks that exist and providing them with the information, insights and tools needed to counter those risks, employers can help both their business and their team members.
Cord - The identity theft protection services market is headed towards an immense upward trajectory; the market is projected to reach $31.98 billion by 2030, up from a 2022 valuation of $11.45 billion. This growth is largely fueled by skyrocketing cybersecurity threats and an increased reliance on credit cards, as well as the continued digital revolution, especially in emerging economies. As people are doing more and more of their financial activities online, the risk of running into credit card and bank fraud is increasing.
The continued rise and evolution of cyber threats are becoming increasingly important for employers. Nowadays, our personal and work lives are so intertwined online that it makes all of us extremely vulnerable to cybercrimes, like those social engineering scams that trick people into disclosing their private information. This is where companies may want to look for an identity theft provider who also offers a strong cyber insurance policy. Employers offering a benefit package that includes both robust identity theft protections and cybersecurity services are proactively safeguarding employees' personal information and finances from cybercriminals or other online threats.
An increasingly popular type of cybercrime is ransomware attacks. This is where hackers hold your data or devices hostage. Ransomware attacks can drastically affect employees, both personally and at work. Ensuring cyber insurance is part of an identity theft protection plan can help cover the costs of navigating extreme ransom demands and can help fix systems or data that was compromised. In a world where our digital lives are getting more complex and riskier by the day, offering this type of coverage as an employee benefit isn’t just a nice-to-have; it’s becoming a must-have It’s all about keeping employees safe and secure in the wild world of the internet.
How can Identity Theft coverage help to enhance a company’s cyber protection?
Cord - Identity theft protection has evolved to become a crucial line of defense, helping to guard against the pervasive risk of data breaches that threaten both individuals and organizations. Offering this protection as an employee benefit serves a dual purpose: it not only helps to ensure the online safety of employees, but it also reinforces the company's cybersecurity infrastructure, which as we all know can be at risk from an employees’ digital activities and their personal devices accessing company email and data. It has been reported that 68% of employees are using personal devices for work.
In today's business environment, the value of investing in identity theft protection services for employees is unmistakably evident. It acts as an early defense mechanism, warding off the potential chaos caused by data breaches, which often lead to significant financial loss and impact employee morale and focus. In 2022, it took identity theft victims 207 hours on average to resolve the fraud, and about half of that time was spent trying to resolve it while on the clock at work*.
Providing this safeguard not only makes a company an attractive employer but also plays a key role in retaining top talent with comprehensive benefits in a highly competitive job market. Moreover, in a time where remote work has become a norm, extending a company’s security reach into the various digital environments of employees’ home offices is not just smart, it's essential. For businesses planning for their future, integrating identity theft protection into their employee benefits is a strategic move, reflecting a deep commitment to their employees.
Shelby - When an employee’s personally identifiable information (PII) is exposed, there can be an increased security risk to their employer. While most people know they shouldn’t reuse their passwords on multiple accounts, research from. Last Pass showed that 65% of people admit to doing it. Combine that with the fact that 50% of people told TechRadar they use the same passwords for both personal and work accounts, and it’s clear to see how the exposure of an employee’s credentials becomes a security risk for the organization.
Organizations in both the private and public sector are increasingly offering identity protection services as an employee benefit. It shows employees the organization’s concern for their well-being and given the general concern about identity theft offering the service can help build trust and loyalty among staff. Just as important, it demonstrates how the organization values cybersecurity. When offered as an employee benefit, identity protection can generate greater cyber awareness and instill better cyber habits among employees. Those stronger cybersecurity habits naturally carry over to their work, helping reduce incidents on the job.
By empowering individuals with the knowledge and tools needed to safeguard their identity information, companies can generate real benefits for themselves reducing the risk of that data being misused for scams, fraud or security breaches.
Jason - Companies are focusing on improving the cyber resiliency and awareness of their employees. Studies show that between 75% to 95% of corporate data breaches stem from human error. With more employees working from home and some companies adopting “bring your own device” policies, this adds strain on networks and security teams to thwart growing cyber threats.
Premium employee benefit identity theft plans have many risk mitigation features baked in that can help reduce risks, such as: a password manager, personal VPN, antivirus and malware software, and dark web / breach exposure monitoring. Enhanced capabilities like automated removal of employee data from data broker sites also help to reduce threats from scams. We are beginning to see how human resource and security teams work together to assess and promote identity theft protection plans to increase the corporate security posture.
What are things to look for or avoid when evaluating options for Identity Theft Coverage? What creates a quality product for the member?
Jason - First and foremost, as with any plan or benefit, make sure there are features present that fight against identity fraud. Although identity thieves are getting more creative, the fact remains that the bulk of fraud happens at the credit and financial institution level and can be reduced with minimal effort. A plan should provide as many day-one options (nothing for the employee to actively “turn on”) as possible to best prevent fraud in those high fraud volume areas. Second, make sure that the entire family has access. Helping minor and elderly family members can be just as stressful and time consuming as addressing your own identity fraud issues. Third, the remediation and service experience is key. When dealing with personal financial matters, it is important to get help fast, any time (day or night), and to know your requests are being securely fulfilled. Finally, find a vendor that has effective plans to drive utilization and engagement with the product. If employees don’t engage with the product and utilize many of the features, the value the employer is looking to deliver will be lost.
Cord - Key characteristics of these services should include proactive and extensive monitoring of credit, financial, social, and personal information across diverse platforms and databases. Your vendor should offer immediate, detailed alerts for suspicious activities and provide robust support for identity recovery, encompassing legal and financial assistance. Furthermore, a top-tier service should include comprehensive insurance coverage, including real cyber insurance to offset financial losses from identity theft and social engineering, a user-friendly interface, updates that adapt to counter emerging threats, educational resources for employees, transparent pricing, executive/c-level coverage, and dedicated support teams both for the broker and the employer.
Brokers should be cautious of services with: limited monitoring scope, delayed threat alerts, insufficient or small recovery support teams, inadequate insurance coverage, poor device security, complicated interfaces, and substandard customer service. Providers making exaggerated claims about total prevention of identity theft should also warrant skepticism. The ideal service should offer a balance of extensive protection, ease of use, effective support, and educational resources.
Shelby - Be sure to understand what features are truly differentiators, addressing unmet needs of employees as it pertains to identity theft and fraud. Conversely, identify and understand features that are portrayed as differentiators or as cutting edge but in reality are already available to employees and their families through other providers for free. A quality identity theft protection product arms employees with the knowledge to create better habits and to fully understand their current and potential vulnerabilities.
Considering how consumers have gotten used to personalized experiences, a solution that provides practical, hyper-personalized guidance is highly desirable. The inaction often seen in consumers responding to identity and cyber risks is not really caused by laziness but rather confusion. When TransUnion surveyed those who were concerned about identity safety but did not take any recent action to improve it, 50% said they didn’t act because they were unsure of what to do. A solution that can truly personalize an action plan (rather than offer general, sometimes contradictory recommendations) stands a much better chance of being effective and engaging.
What do you predict the marketplace look like in 12 years?
Shelby - Given the heightened awareness surrounding the human risk element, I predict that more customizable trainings and employer benefits will emerge to meet the market at its greatest need. Similarly, the evolving threats associated with AI will result in an iteration of “Cadillac Plans” containing more robust, and therefore more costly features. This makes pre-communication even more important. Arming employees with the knowledge necessary to determine what plans, features and functionalities are right for them and their families will help to guide them in their selection.
Cord - In the next 1-2 years, the employee benefits landscape for identity theft protection is poised for significant evolution and expansion. More companies are expected to integrate identity theft protection into their benefits offerings, recognizing its vital importance in today's digital landscape. Providers are likely to introduce advanced monitoring and protection technologies, including AI and machine learning, and place greater emphasis on employee education and training. Personalization of plans to suit diverse employee needs across the globe, and evolving regulatory influences are also anticipated. Furthermore, I think the integration of identity theft protection with other cybersecurity measures, such as secure VPN and device security for employees, will become table stakes. The attention to the psychological impact of identity theft suggests the market is set to evolve towards more comprehensive, user-friendly, and integrated solutions conducive to the modern workplace and other compliance related activities.
Jason - As opposed to growing the laundry list of identity theft features that do not really address the bulk of the fraud problems, success will be dictated by those who branch out from a narrow focus on personal identity theft protection to that of a holistic approach. In other words, the marketplace will be led by those organizations that are able to continue to enhance the value of their protection to employers and employees. While developing and applying new AI techniques will undoubtedly help us stay ahead of criminals, those vendors that broaden their approach to introduce differentiated data and address digital safety will do the most good in the industry. Said another way, the industry will see greater overall security advancement as identity theft protection vendors appropriately leverage existing products and services tied to broader based risk/cost reduction efforts like onboarding, offboarding and other compliance related activities.
Thank you to our experts who provided feedback on Identity Theft Coverage in the employee benefits marketplace this month!
Shelby Gartner, Vice President, Sales – Broker Partnerships, IdentityForce, a TransUnion brand – lives in Overland Park, KS and has spent 12 years immersed in the employee benefits industry, providing consultative solutions to partners in search of differentiated value through the implementation of both product and services. The immediate past 4 years have been spent educating partners as to identity theft and fraud related threats, including how to improve upon existing digital hygiene practices, fraud prevention measures and breach response strategies.
Cord Rotondo, Vice President of Sales, Norton LifeLock Benefit Solutions - Rotondo stands at the forefront of pioneering Cyber Safety and Digital Wellness s for employers. His dynamic approach involves deep collaboration with benefit administrators, leading technology platforms, and major corporate clients. Leveraging his extensive background as a broker for diverse organizations, both public and private, Cord brings a unique and insightful perspective to the table.
Jason Steed, Vice President, Sales & Business Development Leader at Equifax Workforce Solutions - Prior to this role Jason held various leadership positions in the employee benefits consulting community including executive roles at both Brown & Brown & Beneplace.
