Does Your Identity Protection Match Your Risk? 3 Questions to Ask
In the data breach world, big numbers make for even bigger headlines:
- Capital One says it was hit with data breach, affecting tens of millions of credit card applications
- 982M Email Accounts Leaked from Online Database
- Fortnite Hack Warning Issued for 250 Million Players
It seems that the number of affected individuals, not the type of information, always takes the spotlight in breach news stories—an oversight that puts breach victims’ identity and privacy at risk.
A breached company can offer identity protection to the affected population. However, identity protection solutions differ from one another, and what works for one breach situation might not work for another. For example, people whose healthcare information was stolen as a result of a data breach might only be offered credit monitoring. But hackers can use the data in a person’s medical file to commit far more than financial fraud. A sensitive diagnosis could impact a person’s health or reputation, and insurance information could be used to file fraudulent claims. The lack of protection afforded by credit monitoring in this scenario could be called “the mismatch of risk and coverage.”
Misaligned Identity Protection Can Cost Companies, Too
The average cost of a data breach is $3.29 million, according to IBM Security’s 2019 Cost of a Data Breach Report. Researchers divided the breach cost into four categories: lost business, detection and escalation, notification, and post-breach response. They found that lost business—which is the largest cost center—reaches far beyond revenue losses and business disruption to include reputation losses and diminished goodwill.
The study also found that companies offering identity protection to breach victims were more successful in reducing their customer turnover. However, incomplete or inadequate protection will only diminish consumer and employee goodwill.
Finding the Perfect Fit
To reduce the impact of a breach on both individuals and companies, it’s essential to evaluate three things:
- What types of personal information does your company hold that may be subject to exposure or compromise?
- What is the average cost of a breach for your industry?
- What is your industry’s abnormal customer turnover (greater-than-expected loss of customers since the breach occurred)?
Consider the following scenarios for three different sectors of business:
Financial institutions obtain the following types of personal information: customer names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers.
Average data breach cost: $5.86 million
Abnormal customer turnover: 5.9%
Healthcare organizations obtain the following types of personal information: demographic (names, email addresses, Social Security numbers), service or financial (payment cards, banking accounts), and medical (diagnoses, treatments, medications).
Average data breach cost: $6.45 million
Abnormal customer turnover: 7.0%
Educational institutions obtain the following types of personal information: student ID numbers, digital video or photo files, biometric data (e.g., fingerprints or palm prints), and geolocation data.
Average data breach cost: $4.77 million
Abnormal customer turnover: 2.2%
IBM Security’s 2019 Cost of a Data Breach Report found that the more customers a company lost post-breach, the higher the average breach cost. Therefore, answering these three questions can help you more clearly see where your true breach risks lie and the potential cost to your business due to customer churn.
By offering comprehensive identity and privacy protection that matches the potential risks your customers face if their information is exposed, you demonstrate in a very real way your commitment to their well-being. Even better, you can build that trust by providing the service before a breach strikes.