• Understanding ID Theft: Info for Consumers, Businesses, Organizations
• Self-Assessment
• White Papers about Fraud
• Trend Pieces about Fraud
• Legislative Alerts
• Resources/Links
• Identity Theft Glossary
• Fast Facts

Data Security Statistics and Research

Federal Trade Commission Consumer Sentinel ¹ (2006)

• Self-reported identity theft complaints from consumers rose almost 19% between 2003 and 2005 to more than 255,500, according to the Federal Trade Commission.
• People older than 60 had the lowest rates of identity theft, making up 11% of the total.

Federal Trade Commission Consumer Sentinel ² (2005)

• In 2004, the complaint database developed and maintained by the DTC received over 645,000 consumer fraud and identity theft complaints. And consumers reported losses from fraud of more than $547 million.

Federal Trade Commission Consumer Sentinel ³ (2003)

• 10 million Americans were victims of identity theft in 2002, the most updated numbers available, with a total cost impact of $50 billion annually. In addition, the fraudulent use of victims' personal information to obtain goods and services cost businesses and financial institutions $33 billion in 2002.

Ponemon Institute ⁴ (2005)

• Customer data compromises costs companies as much as $50 million. Direct costs incurred by a company alone average $5 million per incident.
• On average, each record lost cost companies $140.

Javelin Strategy & Research ⁵ (2006)

• Estimates of the average fraud cost per victim rose to $6,383 in 2005 from $5,885 in 2004 and $5,246 in 2002. As such, the total cost of identity fraud, pegged at $56.6 billion 2005, has been holding fairly steady.
• The average resolution time for resolving fraud cases has increased from 33 hours in 2003 to 40 hours in 2006

National Cyber Security Alliance ⁶ (2006)

• Although 57% of people who use social marketing sites admit to worrying about becoming a victim of cyber-crime, they are still divulging information that may put then at risk.
• 74% of persons surveyed have given out some sort of personal information, such as their e-mail address, name and birthday.

 

Corporate/Organization Issues

Ponemon Institute ⁷ (2005)

• 81% of companies surveyed have experienced the loss of one or more laptops containing sensitive data over the past 12 months.
• 64% of some 500 data-security pros surveyed admit that their companies have never performed an inventory to determine the location of customer or employee info.

CMO Council ⁸ (2006)

• 76% of marketing executives surveyed believe security breaches negatively impact the company brand. Yet 60% said that security has not become a significant theme in their company’s messaging and marketing communications.
• Only 29% said their company has a crisis containment plan for security breaches and failures. Another 27% don’t even know if such a plan exits.
• Over a third of consumers say they would strongly consider taking their business elsewhere if their personal information was compromised.

CIO Insight.com Annual Security Survey (September 2006)

• Nearly half of large companies have been targeted for online data thefts, by perpetrators ranging from organized crime mobs to disgruntled former employees.
• One company in six has lost equipment containing company data in the past year.
• Employee negligence and software vulnerabilities are considered the most significant IT-security risks.

Javelin Strategy & Research ⁹ (2005)

• Security breaches at businesses accounted for 30% of 2005 identity-fraud cases, while 30% were the result of consumers' lost or stolen wallets and checkbooks; nefarious friends and family, 15%; stolen mail, 9%; and attacks and scams targeting home computers, 9%.

Visa/U.S. Chamber of Commerce (2006)

• Nearly two-thirds (64%) of small businesses have made improvements to protect their customers' personal information, including credit and debit card data, in the past 12 months, and nearly a third (29%) have done so in the last 3 months.
• Small retailers spend more resources preventing the theft of products and cash from their store (34%) than securing customers’ personal data (20%).

Deloitte Touche Tomatsu ¹⁰ (2006)

• The majority of technology, media and telecommunications (TMT) companies surveyed consider themselves reactive when it comes to investing in information security, and only 4% believe they are doing enough to address the problem.
• Only 37% of the TMT companies provided security training to employees in the last 12 months.
• While 74 % of TMT companies said that they expect to spend more time and money on improving security in 2006, the average budget increase among those companies was only 9 percent.
• Only 63% of TMT companies have a dedicated, senior-level security officer; among technology companies the number is only 53%
• More than two-thirds of life sciences companies have already appointed a Chief Security Officer, a three-fold increase over the past decade.

 

Internal Threats

Ponemon Institute ¹¹ (2006)

• 78% of IT professionals in the United States say their companies have suffered unreported insider-related security breaches.

Javelin Strategy & Research ⁹ (2005)

• Security breaches at businesses accounted for 30% of 2005 identity-fraud cases, while 30% were the result of consumers' lost or stolen wallets and checkbooks; nefarious friends and family, 15%; stolen mail, 9%; and attacks and scams targeting home computers, 9%.

Deloitte Touche Tohmatsu (2006)
"2006 Global Security Survey" - whose respondents were major global financial institutions, including 31% of the top 50 global insurance companies.

• 74% of respondents said they were either very confident or extremely confident in their ability to defend against external threats, an increase of 5% over 2005.
• When it came to internal threats, however, only 41% were either very confident or extremely confident compared to 50% last year

Deloitte Touche Tohmatsu ¹² (2006)

• Among the TMT companies whose security was breached in the last 12 months, half were attacked from inside the company.
• 83% of the TMT companies surveyed are concerned about employee misconduct involving information systems.

¹ “Identity Theft Victim Complaint Data: Figures and Trends, January 1- December 31, 2005”, Federal Trade Commission and The Identity Theft Data Clearing House Consumer Sentinel , January 25,2006
² “National and State Trends in Fraud and Identity Theft, January – December 2004”, Federal Trade Commission, February 1, 2005
³ “ID Theft Survey 2003”, Federal Trade Commission , September 2003
⁴ “Lost Customer Information: What Does a Data Breach Cost Companies?”, Ponemon Institute , November 2005
⁵ “2006 Fraud Survey Report”, Javelin Strategy & Research , January 2006
⁶ “Social Networking Study”, National Cyber Security Alliance (NCSA ), October 4, 2006
⁷ “U.S. Survey: Confidential Data at Risk”, Ponemon Institute , August 15, 2005
⁸ ‘Secure The Trust of Your Brand”, CMO Council , 2006
⁹ “Start-ups Offer Protection from Identity Theft”. Wall Street Journal , August 1, 2006.
¹⁰ “Protecting Digital Assets. The 2006 Technology, Media and Telecommunications Security Survey”, Deloitte Touche Tomatsu , 2006
¹¹ “Latest Ponemon Institute Study Ties Lack of Awareness in Corner Office to Insider Threat Challenges”, Ponemon Institute , September 12, 2006 ¹² “Protecting Digital Assets. The 2006 Technology, Media and Telecommunications Security Survey”, Deloitte Touche Tomatsu , 2006