The numbers are huge. Cybersecurity issues cost our global economy a trillion dollars in 2020 and maybe $6 trillion in 2025.  Warren Buffett calls it ‘the number one problem with mankind.’   

I don’t know much about the real economic costs of cybercrime. (Pretty, but out of date infographic.) The majority of the costs are borne directly by government and businesses, but redistributed broadly in the form of higher prices and taxes. The costs are not all economic. Digital safety is critical in so many privacy concerns, civil rights issues and important debates about surveillance and freedom like the one about the proposed UK legislation.   

I make client cybersecurity health a small part of my practice. In the 1990s my first career was as a network engineer and though I’m far from an expert, I can stay on top of the consumer options and issues. Once a year we review some best practices and it’s a space to ask questions you were afraid to ask elsewhere.   

That risk is typically a form of ID theft, leading to a thief obtaining access to your account. My identity was stolen in 2002 when the Internet was still young.  (The most popular social media network that year was myspace.) ID theft was known but it was still new enough that banks and police really struggled to help me. I found an old FTC report that suggests the ID fraud rate was under 5% in 2003. Nonetheless, I don’t think I had any real financial loss or if I did it was small.   

It made me wonder about the financial risk ID theft poses to consumers today. We know it’s widespread. We’ve all had our ID information stolen by this point. Police departments and banks have entire teams dedicated to cybercrime response now. 

A 2016 study said that nearly 10 percent of USA adults were victims of identity fraud, meaning not only was their ID stolen online, but it was used to attempt fraud. That percentage doubled in the pandemic. And ID fraud is almost certainly systemically under-reported.    

The direct consumer costs are harder to find. An annual Javelin /AARP study said the average victim of identity theft suffered losses of $1,100 in 2021. The FTC says it’s closer to $800 and adds that 87.5% of the half million reports losses less than $10,000.  

Note that those include non-cyber frauds like the ones on this FBI list.  It’s also not clear if those numbers show any reimbursement the victims received from banks or government. (You are aware that if your credit card is stolen or your identity is used to open a fraudulent account, you are rarely responsible for the losses. Debit cards are bank by bank but generally less so. Use a credit card with 2% cash back instead.)     

Most reports of identity or cybertheft are about the incredible hassle clearing your good name!  The FTC estimates that it takes 9 hours of work for a consumer to deal with an identify fraud issue. That alone might be enough reason to practice better digital hygiene.   

The biggest risk is emotional. We all have feelings about personal financial security and the safety of loved ones.  It’s distressing to be attacked like that. 60% report anxiety and a host of other emotions afterward. Maybe that’s enough to motivate you to do more, maybe not. We all make choices about which risks we manage and we can’t do them all perfectly.   

Here are my top three recommendations for protecting yourself from ID theft. The best advice is really what will get implemented so start with the top level and work your way down. No, you probably don’t need to pay for a service.   

1. You must freeze your credit report via Equifax, Experian and Transunion. You always want a ‘Freeze’ not ‘Lock.’ Locks are paid services you do not need.  

2. Strongly consider learning the lifetime skill of using a password manager. I use 1Password but they are all roughly the same. I had my kids install the family version on their phones so I could send them secure notes, credit cards, social security numbers, etc. A good free option is Bit warden.  

3. You are probably already using two factor authentication (2FA) with any banking accounts, via your mobile phone. They send you a second-level login code via text message. If you can, start using an app-based 2FA for social media and email accounts. I recommend Authy as a 2FA provider but Google, Apple, and Microsoft are fine. Banks use mostly mobile codes, and are better than no 2FA, but still not as good as an app-based option.