Since news of the Equifax breach hit the airwaves in early September, the resolution center at CyberScout has experienced call volumes seven times higher than usual. Thousands of customers of our insurance carrier partners have called first their insurer, and then us, looking for help. This massive event, which compromised highly personal information for 145.5 million people, represents a sea change for most consumers.
People are worried, frustrated and angry about their heightened risk of identity theft and fraud. They want to protect themselves but don’t know whom to trust. This is a critical time frame, when people want to take action, and are seeking refuge with trusted partners.
This is an opportunity for insurance companies to step up to help the victims of the Equifax exposure, strengthening both their customer engagement and loyalty.
Why this cyber breach was different
Until now, the credit bureaus were just another fact of life for most consumers. Lenders, prospective employers and insurers all turn to credit bureaus to make better decisions. But credit bureaus gather our most personal information without our consent or control. To carelessly leave that data open to theft has made consumers and their advocates understandably angry.
The concerns are justified by the facts. Unlike data breaches that expose payment information such as credit and debit card numbers, the Equifax breach compromised much more sensitive datasets. Not only were Social Security numbers and birth dates included in the stolen data — two pieces of information carefully guarded by most consumers — but some of the exposed records also contained driver’s license numbers and other unique identifiers.
Rather than simply replacing a credit card, consumers are dealing with an entirely new game against the cyber criminals. They must now worry that criminals are in possession of vital information that turns the key to more complex types of identity thefts, including tax ID theft, access to social media accounts and email, as well as breaking into existing bank and retirement accounts. Thieves can also establish new accounts and loans in the victims’ names, providing another fertile green field for fraud.
Sadly, it's time to recognize that this is the new normal. Massive amounts of deeply sensitive data have been unleashed and there’s no putting the genie back in the bottle.
Understanding consumers’ concerns
In the calls to the CyberScout resolution center, people want to know what to do now and what to do for the long run. First, they ask if they should place a 90-day alert on their credit files, or if a freeze would be a better option. Too few consumers understand the difference between these tools and the purpose and benefits of each. They seek help and advice on how to initiate those alerts and freezes. Simply figuring out who to contact can be a significant roadblock, let alone knowing whom to trust.
Many consumers understand that their Social Security number is the golden key to their identity, and its theft opens them to many kinds of fraud. They want to understand how to safeguard their checking and savings accounts, as well as their investment and retirement accounts, from fraud. They understand that they’ll have to monitor for the long term and over many kinds of fraud.
Most consumers have only limited visibility into what’s actually stored in their credit files — and some aspects of Equifax's response to the breach have heaped additional confusion into the mix. Many callers asked us which account numbers and pieces of information were actually exposed. Did they get my mother’s maiden name? What about my driver’s license number? If I had already placed a freeze on my credit file, was my password to lift that freeze stolen?
The millions of victims of the Equifax breach are coming to grips with the fact that their information will be exposed forever. It’s a far different scenario than closing down a hacked credit card, and much more worrisome for consumers. (Photo: iStock)
Act now to help insureds stay safe
To protect the millions of insurance customers caught up in the Equifax breach, insurers can take the following steps.
- Create awareness. Many policyholders — and even agents — aren't aware that identity theft services are already part of their home or auto insurance policy, or can be added relatively inexpensively. Simply reminding them that protection is available supports the breach victims when they need it most and reinforces the tremendous value of their current policies and insurer relationships. Most identity protection service offerings include unlimited 24 x 7 support without risk of additional loss or cost exposure to the insurer, so prompting usage of the existing service is a win-win for policy issuers and policyholders
- Be ready with expertise. Just as in a natural disaster, most consumers are asking a few, immediate questions about how to respond to the Equifax breach. Help them with clear, practical answers to provide immediate help. (These five steps will help Equifax breach victims.)
- Engage with long-term help. Most of those exposed by the Equifax breach will need to monitor for fraud for the rest of their lives. There are credit and identity monitoring tools available in the insurance space that are essential to a comprehensive identity protection solution. Consider enhancing your portfolio with these tools to fully protect policyholders.
- Expand your value proposition by addressing emerging risks. Cybersecurity experts warn that Internet connected devices in the home are vulnerable to cyber attack with the aim of hacking into home and SMB networks. Social media has become a risky place of cyber bullies and fraudsters. The WannaCry ransomware epidemic targeted small businesses around the world. As new risks emerge, innovative approaches to personal lines coverage will need to be developed.
The next generation of cyber coverage for families and small businesses has started to appear, which address these broader risks, protecting against digital and cyber related risk like hacking and ransomware and addressing expenses related to cyber bullying. An extension of current P&C coverage, they empower insurance companies to engage in a new way with customers.
In a survey conducted by the Identity Theft Resource Center, only 3.8 percent of respondents would contact their insurance company after a data breach, while another 38 percent would turn to their bank and 31.5 percent didn’t know where to turn. It’s time that consumers learn that insurers can offer them a comprehensive suite of options to address a complex and long-lasting data breach like Equifax — and protect them from future cyber events. Consumers look to their insurance company for protection over the long haul, and lifelong protection is what they need now.
Like the massive hurricanes that swept through Texas, Florida and the Caribbean islands this fall, the Equifax data breach was a catastrophic event for many Americans, and its impact will reverberate for years. The insurance industry has a unique opportunity to step up to help millions of people reduce their risk, while promoting greater engagement, adding new revenue streams and building loyalty and retention. It is the industry’s cyber moment of truth.
Matt Cullina has served as CEO of CyberScout since 2008. CyberScout provides identity management services to nearly 45 million consumers and more than half of the P&C insurance marketplace, including 16 of the top 20 personal lines carriers. To find out more, please send email to firstname.lastname@example.org.
Check out additional articles by Matt Cullina: