Identity theft in some ways is like the flu. People know there is a vaccine to prevent spreading the virus, but most avoid the protection.

Identity theft has gotten so out of hand globally that companies from numerous industries ranging from information technology to credit bureaus have concluded that cyber insecurity is not to blame on the thieves stealing our data only — but also, the poor behaviors of the people they’re stealing from. reviewed 18 studies on identity theft which reveal that over the past five years, both American consumers and businesses have learned just how pervasive and serious identity theft has become. Sadly, that research also shows most Americans aren’t even doing the minimum to protect themselves from identity theft. What exactly are we doing, and better yet, not doing? Here’s a quick breakdown of where we’re leaving our personal information vulnerable…

Knowing our data is at risk is different than doing something about it


About one-fourth (23 percent) of people have been affected by cyberattacks, and nearly the same number have taken the measures to prevent it, according to a study by insurance provider Grange Insurance [1]. Meaning the majority haven’t. Why? Almost 20 percent of people say doing more to protect themselves from identity theft is too much of a hassle.

Meanwhile, 77 percent are concerned about the risks of accessing internet on their devices. However, 81 percent use unsecured public WiFi.

How do Americans protect their data?


Americans are generally aware that their online presence can put them at risk, but Americans actually make it easier on identity thieves to steal their information, according to a poll from credit bureau Experian [6].

Thirty-nine percent of Americans store at least part of their Social Security numbers online, which is enough for data thieves to figure out the rest. Plus, 25 percent of people store their full Social Security number online. For the first time ever, 2017 saw more Social Security numbers being stolen than credit cards, according to Javelin Strategy & Research [2].

The study also found that the money consumers lost from identity theft rose to $16.8 billion in 2017.

As things get worse, people aren’t adopting the right habits to protect their identities. Sure, Americans know that it’s a huge problem, they identify hacking and having their identity stolen as some of the top risks they think about. But they’re still using flimsy passwords, they aren’t signing up for services that warn of data breaches, they’re using unsecured, public WiFi, and more.

Almost 40 percent of people are using passwords classified as “very weak,” according to a 2018 report [3] from identity threat intelligence company 4iQ Identity Breach Report. The first line of defense against a cyberattack is a strong and unique password. Not ones that use variations of “12345,” like the nine million it found.

Just 20 percent of people signed up for fraud monitoring software that warns of data breaches, according to the American Institute of CPAs[7]]. And more than a quarter of Americans don’t even know how to tell if they’ve become a victim of identity theft, according to Shred-it[8].

Bottom line is, most Americans aren’t taking the time to protect themselves from identity theft — and they’re paying for it.

How do companies protect your data?


More than half of companies (53 percent) in the U.S. were hacked in 2017, according to insurance company Munich RE[9]. So, it isn’t a big surprise that a joint survey from information technology company NTT DATA and Oxford Economics[10] found that only 8 percent of consumers trust businesses with their information.

But businesses are still trying to protect themselves, however, their employees are the ones that need to pick up the slack.

Half of respondents in another survey by 4iQ [11] ranked “someone hacking on to my work email” as dead last of their personal data concerns.

They also only use two or three passwords for all their accounts. And once a hacker cracks a password, not only is the person’s data at risk, the company’s data is too.

“The fact is, the chain is only as strong as its weakest link,” Julio Casal, Founder and Chief Technology Officer at 4iQ says. “Yet companies don’t often consider the fact that their vendor’s employee, whose username and password were compromised in a recent breach, used the same password for their work email. And now that cybercriminal holds the keys to your data. In this case, not only do we need to educate individuals about cybersecurity, but companies need to be monitoring the Deep and Dark Web for those lost or stolen keys.”

Other organizations don’t employ all of their workforces in protecting themselves against a breach. A study from nonprofit information technology auditing company ISACA [12] showed that only 34 percent of employees understand their role in cybersecurity culture.

And it isn’t all the employee’s fault. While the majority (nearly 60 percent) of businesses are taking steps to protect your data, 42 percent of businesses don’t have a written cybersecurity plan, something that lays out the steps for protection, and the protocol once a breach happens.

It might be because they aren’t willing to spend enough money to make it happen.

Some organizations that don’t think their security measures are where they need to be are only spending 19 percent of their cybersecurity budget on training. Organizations that are confident with their cybersecurity culture are spending more than twice as much on training their employees to protect their data.

Small business vs big business


Big-name companies have been under fire from their customers for cyberattacks.

This makes consumers think their data is safe with smaller businesses, but according to small business advice nonprofit organization SCORE[13], that’s far from true.

Forty-three percent of cyberattacks are directed at small businesses. And if larger companies aren’t increasing their budgets to amp up their cybersecurity, small businesses definitely aren’t either.

Unlike larger businesses, small companies may not have the technology to prevent and avoid cyberattacks and fraud attempts.

But according to Wolters Kluwer[14], both big and small business are generally “unaware” of the extent of the damages these kinds of attacks can cause.

Identity theft keeps getting worse


Over the past three years, identity theft has not only been on more people’s radars, but more people have also gotten hacked.

In 2016, more than a third of U.S. consumers had been hacked, according to Munich RE[15]. That was 40 percent more than in 2015.

Then in 2017, nearly half the people in the country had their information exposed in the Equifax hack, according to the Chicago Tribune. In total in 2017, the Identity Theft Resource Center[16] reported 1,579 data breaches, exposing over 158 million records. And they only expect that to be worse this year.

FICO and the Chamber of Commerce even got together for the first time to put out a report[17] on cybersecurity, and the businesses at risk. They scored their cybersecurity methods like your credit score is measured.

The sector that was most vulnerable was the media, telecommunications and technology sector. Construction had the lowest risk.

Who is most vulnerable to identity theft?


When it comes to age groups and identity theft, children and seniors are at risk most, according to credit bureau Experian[5].

Experian estimates that 25 percent of people will experience identity theft before they turn 18. And identity thieves are targeting children because, oftentimes, their Social Security numbers don’t have credit and mortgages linked to them, according to LifeLock[18], a service that alerts users of their personal information being used. previously reported that 12 is the average age that children get their identity stolen. But some babies as young as a few months old get their identity stolen.

Last year, the amount lost to identity theft in children was $2.6 billion.

Seniors (age 60 and older) are also at risk of identity theft, according to Experian, because they’re most prone to fall victim to phone or email scammers asking them to send money. Some of these emails can even pose as loved ones, asking seniors for money.

Phone scammers also pretend to be the IRS to target senior citizens, but the IRS never calls taxpayers demanding immediate payment, Anabel Marquez, a spokeswoman from the IRS told Experian.

How to protect yourself from identity theft


While Americans know identity theft is very real, and that they’re vulnerable, they’re either too lax and don’t take the steps to protect themselves, or they just don’t know how.

Here are some tips to protect yourself from identity theft from a cybersecurity specialist:

    • Keep your personal documents locked away, where only you can reach them.
    • Photocopy all cards and documents you keep in your wallet.
    • Check your bank and credit statements for any abnormal or unauthorized purchases.
    • Unsubscribe from junk email lists you’re on.
    • Cancel credit cards you aren’t using.
    • Don’t open or download content from suspicious email addresses.
    • Don’t use the same password, or variations of the same password, across your different accounts.
    • Don’t complete online transactions over a public WiFi connection.
    • Shred personal documents before throwing them away.
    • Never give your personal information to someone who calls you first.