Facts + Statistics: Identity theft and cybercrime

The scope of identity theft

According to 2018 Identity Fraud: Fraud Enters a New Era of Complexity from Javelin Strategy & Research, in 2017, there were 16.7 million victims of identity fraud, a record high that followed a previous record the year before. Criminals are engaging in complex identity fraud schemes that are leaving record numbers of victims in their wake. The amount stolen hit $16.8 billion last year as 30 percent of U.S. consumers were notified of a data breach last year, an increase of 12 percent from 2016. For the first time, more Social Security numbers were exposed than credit card numbers.

Following the introduction of microchip equipped credit cards in 2015 in the United States, which make the cards difficult to counterfeit, criminals focused on new account fraud. New account fraud occurs when a thief opens a credit card or other financial account using a victim’s name and other stolen personal information. According to the Javelin study, account takeovers tripled in 2017 from 2016, and losses totaled $5.1 billion.

Identity theft and fraud complaints

The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. Of the 2.7 million identity theft and fraud reports received in 2017, 1.1 million were fraud-related, costing consumers almost $905 million. The median amount consumers paid in these cases was $429. Within the fraud category, imposter scams were the most reported and ranked first among the top 10 fraud categories identified by the FTC. They accounted for $328 million in losses. In 2017, 14 percent of all complaints were related to identity theft. Identity theft complaints were the third most reported to the FTC and had increased almost 70 percent from 2013 to 2015 but fell about 24 percent from 2015 to 2017. Credit card fraud were the most reported to the Consumer Sentinel Network, with 133,000 reports.

Identity Theft And Fraud Reports, 2014-2017 (1)

(1) Percentages are based on the total number of Consumer Sentinel Network reports by calendar year. These figures exclude "Do Not Call" registry complaints.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Graphs

How Victims' Information Is Misused, 2017 (1)

 

Type of identity theft fraud Percent
Miscellaneous identity theft (2) 51.9%
Credit card fraud 16.8
     New accounts 12.7
Employment or tax-related fraud 10.1
     Tax fraud 7.5
Phone or utilities fraud 7.4
Bank fraud (3) 6.4
Loan or lease fraud 4.2
Government documents or benefits fraud 3.2

(1) Percentages are based on the total number of identity theft complaints in the Federal Trade Commission’s Consumer Sentinel Network (371,061 in 2017).
(2) Includes online shopping and payment account fraud, email and social media fraud, and medical services, insurance and securities account fraud, and other identity theft.
(3) Includes fraud involving checking, savings, and other deposit accounts and debit cards and electronic fund transfers.

Source: Federal Trade Commission.

View Archived Tables

Identity Theft By State, 2017

State Complaints per
100,000 population (1)
Number of
complaints
Rank (2) State Complaints per
100,000 population (1)
Number of
complaints
Rank (2)
Alabama 74 3,609 33 Montana 61.0 638 45
Alaska 67 494 40 Nebraska 61.0 1,170 45
Arizona 119 8,330 11 Nevada 128.0 3,828 6
Arkansas 69 2,084 37 New Hampshire 82.0 1,097 26
California 140 55,418 4 New Jersey 106.0 9,533 15
Colorado 108 6,051 14 New Mexico 91.0 1,909 20
Connecticut 114 4,078 13 New York 103.0 20,397 16
Delaware 126 1,211 1 North Carolina 92.0 9424 19
D.C. 192 1,333 7 North Dakota 62.0 467 43
Florida 149 31,167 3 Ohio 78.0 9,121 30
Georgia 120 12,548 10 Oklahoma 74.0 2,901 33
Hawaii 62 890 43 Oregon 90.0 3,714 21
Idaho 79 1,356 28 Pennsylvania 97.0 12,468 18
Illinois 124 15,841 8 Puerto Rico 61.0 2,046 45
Indiana 75 5,027 32 Rhode Island 123.0 1,302 9
Iowa 59 1,870 49 South Carolina 90.0 4,509 21
Kansas 72 2,100 35 South Dakota 46.0 403 52
Kentucky 69 3,060 37 Tennessee 83.0 5,586 25
Louisiana 71 3,340 36 Texas 118.0 33,454 12
Maine 60 806 48 Utah 79.0 2,452 28
Maryland 129 7,788 5 Vermont 57.0 354 50
Massachusetts 88 6,016 24 Virginia 90.0 7,656 21
Michigan 151 15,027 2 Washington 99.0 7,360 17
Minnesota 78 4,324 31 West Virginia 55.0 1,000 51
Mississippi 69 2,064 37 Wisconsin 64.0 3,731 42
Missouri 82 4,994 26 Wyoming 67.0 389 40

(1) Population figures are based on the 2017 U.S. Census population estimates.
(2) Ranked by complaints per 100,000 population. States with the same number of complaints per 100,000 population receive the same rank.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Tables

See also the Identity Theft section of our Web site Click Here

Top 10 Writers Of Identity Theft Insurance By Direct Premiums Written, 2017 (1)

($000)

Rank Group/company Direct premiums written As a percent of total
1 Nationwide Mutual Group $34,329 14.7%
2 State Farm Mutual Automobile Insurance 29,086 12.5
3 Travelers Companies Inc. 24,750 10.6
4 Markel Corp. 12,132 5.2
5 Liberty Mutual  11,326 4.9
6 Hanover Insurance Group Inc. 11,316 4.9
7 Allstate Corp. 11,167 4.8
8 Erie Insurance Group 8,513 3.7
9 Farmers Insurance Group (2)  8,275 3.6
10 American Family Insurance Group 7,904 3.4
  Total, top 10 $158,796 68.2%
  Total $232,932 100.0%

(1) Includes stand-alone policies and the identity theft portion of package policies. Does not include premiums from companies that cannot report premiums for identity theft coverage provided as part of package policies.
(2) Data for Farmers Group of Insurance Companies and Zurich Financial Group (which owns Farmers' management company) are reported separately by S&P Global Market Intelligence.

Source: NAIC data, sourced from S&P Global Market Intelligence, Insurance Information Institute.

View Archived Tables

Cybercrime

Interest in cyber insurance and cyberrisk continues to grow as a result of high-profile data breaches and awareness of the almost endless range of exposure businesses face. In 2018 through November, 340 million records were exposed in June from Exactis, a marketing firm; 150 million records exposed at Under Armor; 92 million at MyHeritage, a genealogy firm; and 87 million records at Facebook. In 2017, the largest U.S. credit bureau, Equifax, suffered a breach that exposed the personal data of 145 million people, including Social Security numbers. It was among the worst breaches on record because of the amount of sensitive information stolen.

McAfee and the Center for Strategic and International Studies (CSIS) estimated the likely annual cost to the global economy from cybercrime is $445 billion a year, with a range of between $375 billion and $575 billion.

In 2018 the IRTC tracked 932 breaches through the month of September. The number of records exposed totaled 47.2 million. The business category continues to be the most affected sector, with 432 breaches, or 46 percent of all breaches detected. The business sector breaches affected 22.1 million records, or 47 percent of all records affected. The IRTC noted that in September alone, hacking was the primary type of breach incident, accounting for 46 percent of all breaches in September. Unauthorized access was identified as the second most common type of attack, accounting for 30 percent of September breaches. According to the IRTC phishing was the most common form of hacking for September, representing 50 percent of the total breaches caused by hacking. Ransomware/malware represented 15 percent of breaches categorized as hacking in September.

The costs of cybercrime are growing. The average cost of data breach globally was $3.86 million in 2018, up 6.4 percent from $3.62 million in 2017, according to a study from IBM and the Ponemon Institute. Researchers polled 477 organizations to determine what costs they incurred after a data breach, including systems to help victims with losses and expenses, notification costs and lost business costs such as those associated with business disruption, revenue losses and reputation costs. The study also found that the average cost for each lost record rose 4.8 percent in 2018 from $141 to $148 and the average size of data breaches studied rose by 2.2 percent. In the United States, the average cost of a data breach was $7.91 million. The United States had the highest post data breach response costs, $1.76 million.

Cyber insurance evolved as a product in the United States in the mid- to late-1990s as insurers have had to expand coverage for a risk that is rapidly shifting in scope and nature. According to the National Association of Insurance Commissioners, 140 U.S. insurers reported writing some cyber insurance premiums in 2016, based on the Cybersecurity and Identity Theft Coverage Supplement for insurer financial statements. Direct premiums written totaled $1.86 billion in 2017, at companies that can report premiums for stand-alone and coverage provided as part of a package policies.

According to the Insurance Information Institute’s 2017 report, Protecting against #cyberfail: Small business and cyber insurance, insurers foresee substantial growth coming from the small business segment, as these companies become aware of the possibilities of liability, especially due to a breach and the resulting response costs arising out of the possession of private data. According to the Insurance Information Institute (I.I.I.) and J.D. Power 2018 Small Business Cyber Insurance and Security Spotlight SurveySM, 10 percent of small businesses surveyed suffered one or more cyber incidents in the prior year, and the average cost of cyber-related losses over the past year was $188,400. Only about one-third of firms surveyed had cyber insurance, nearly 60 percent of respondents said their company is very concerned about cyber incidents–and 70 percent think that the risk of being victimized by a cyberattack is growing at an alarming rate. Insurers can reach these potential small business customers through education, training and risk assessment services regarding cybersecurity.

Number Of Data Breaches And Records Exposed, 2008-2017 (1)

(1) As of January 22, 2018.

Source: Identity Theft Resource Center.

View Archived Graphs

The Internet Crime Complaint Center (IC3), a joint project of the Federal Bureau of Investigation, the National White Collar Crime Center and the Bureau of Justice Assistance monitors Internet-related criminal complaints. In 2017 the IC3 received and processed 301,580 complaints. One out of five victims (21.2 percent) were over the age of 60, the most victims by age. People between the ages of 30 and 39 ranked second at 19.4 percent, followed by victims between the ages of 40 and 49 with 19.2 percent. Victim losses totaled $1.42 billion. The most common complaints received in 2017 involved nonpayment or nondelivery of goods or services, which affected about 84,000 victims. There were about 31,000 victims affected by personal data breaches. Identity theft—where a person’s name or Social Security number is used without permission, affected about 18,000 victims.

Cybercrime Complaints, 2013-2017 (1)

(1) Based on complaints submitted to the Internet Crime Complaint Center.

Source: Internet Crime Complaint Center.

View Archived Graphs

Top 10 States By Number Of Cybercrime Victims, 2017

 

Rank State Number
1 California 41,974
2 Florida 21,887
3 Texas 21,852
4 New York 17,622
5 Pennsylvania 11,348
6 Virginia 9,436
7 Illinois 9,381
8 Ohio 8,157
9 Colorado 7,909
10 New Jersey 7,657

(1) Based on the total number of complaints submitted to the Internet Crime Complaint Center via its website from each state and the District of Columbia where the complainant provided state information.

Source: Internet Crime Complaint Center.

View Archived Tables

Top 10 Writers Of Cybersecurity Insurance By Direct Premiums Written, 2017 (1)

($000)

Rank Group/company Direct premiums written As a percent of total
1 Chubb Ltd. $316,253 17.0%
2 American International Group  228,739 12.3
3 XL Group Ltd. 177,879 9.6
4 Travelers Companies Inc.  119,133 6.4
5 AXIS  101,509 5.5
6 Beazley Insurance Co. 95,007 5.1
7 CNA Financial Corp.  73,127 3.9
8 BCS Financial Corp. 69,899 3.8
9 Liberty Mutual 60,013 3.2
10 Zurich Insurance Group (2) 43,040 2.3
  Total, top 10 $1,284,600 69.1%
  Total (3) $1,859,283 100.0%

(1) Includes stand-alone policies and the cybersecurity portion of package policies. Does not include premiums from companies that cannot report premiums for cybersecurity coverage provided as part of package policies.
(2) Data for Farmers Group of Insurance Companies and Zurich Financial Group (which owns Farmers' management company) are reported separately by S&P Global Market Intelligence.
(3) Includes only companies that can report premiums for stand-alone cybersecurity coverage and coverage provided as part of package policies.

Source: NAIC data, sourced from S&P Global Market Intelligence, Insurance Information Institute.

View Archived Tables

Additional resources

Federal Trade Commission

Internet Crime Complaint Center

Back to top