Wednesday, September 20th, 2017
From Rob Zeglen, NYSTEC
Copy of Presentation: CATA 10-21-15 NYSTEC Security From A Consultants View
One of our members asked about identity theft insurance. This is a snippet of some research my team did on the value of Identity Protection Services. It is by no means a recommendation, just some findings and some good free service suggestions.
Before organizations consider purchasing Identity Theft Protection, it is important to understand that identity theft protection services cannot prevent identities from being stolen. The services do, however, detect that something has happened, and the sooner you know this the better. Typically, these services are offered to deal with the theft of identity after it has occurred.
There are steps that members can take to perform all the same functions that an identity protection service will perform. Organizations could consider an outreach program to customers to educate them on the following approaches:
“The National Association of Insurance Commissioners says the typical cost of identity theft insurance ranges from $25 to $60 per year. The insurance may include credit alerts, account and credit monitoring, and reimbursement for the costs associated with repairing your credit history if you become a victim. The insurance does not protect you from identity theft – nothing can really do that – and the policy certainly does not cover monetary losses.”
Proactively purchasing Identity Theft services would likely be quite costly for large numbers of users and would do nothing to prevent a breach. Additionally, such an effort would likely indicate to the media and the member base that an organziation was breached and was reacting.
The money spent on insurance may be better spent on assessing and tightening security where needed; for example, implementing two-factor autentication, doing proactive monitoring, holding vendors responsible for security, or delaying projects to ensure that security is bulit in. For example, it will cost the the federal government $133 Million for credit monitoring services due to the Office of Personnel management (OPM) breach http://krebsonsecurity.com
/2015/09/opm-misspends-133m-on-credit-monitoring The breach occurred due to under investment in upgrading legacy system, as well as with new systems being deployed with inadequate security. http://www.forbes.com/sites/katevinton/2015/06/23/opm-director-blames-federal-breach-on-legacy-systems-in-senate-hearing/.
Security Practice Area Manager at NYSTEC