Equifax’s massive hack has a tiny silver lining
More employees are likely to see a timely new offering when they choose their benefits in a month or so: identity-theft protection.
About 35 percent of companies offered it in 2015, global advisory firm Willis Towers Watson has reported, and 70 percent have said it could be on their benefits menu by 2018.
The huge data breach at Equifax is accelerating that timetable. Interest in adding the service as part of a voluntary benefits plan was already on the rise over the past few years, courtesy of the massive Anthem data breach in 2015, among others. But that’s nothing compared with this latest credit bureau disaster.
“Over the last two weeks or so – oh my word,” said Amy Hollis, national leader-voluntary benefits at Willis Towers Watson. “The entire paradigm of how employers are viewing identity theft has just shifted.”
Now, some employers that planned to offer it next year are trying to shift it to this year, she said, making it one of the fastest-growing plan options. This development will of course be a boon to identity-theft protection companies such as InfoArmor, ID Watchdog, LifeLock and CyberScout.
“I see the fever pitch at which these programs are being adopted in benefits plans, and it’s only becoming more fevered since the Equifax breach,” said Adam Levin, chairman and founder of CyberScout and a former director of the New Jersey Division of Consumer Affairs.
Employers see it as a timely perk that appeals to everyone – especially millennials. Plus, it’s low-cost. Last year, the Internal Revenue Service said it could be considered a non-taxable benefit for employees; before, it was taxable unless the employer had a breach.
Many companies offer the service free to employees; others offer it at a discounted price or share the cost. At some employers, if an employee wants to make it a family plan, they can pay extra.
Employers have a strong interest in their workers using the service. Recovering from ID theft can be a huge drain on time-most calls to fix things have to be made during the workday. A 2016 report from the Identity Theft Resource Center, which helps victims of identity theft, found that nearly 56 percent of victims surveyed needed to take time off work to deal with the issue.
Then there’s the mental cost: A 2014 survey of identity victims by the Department of Justice found that 36 percent of people whose personal information was stolen “reported moderate or severe emotional distress as a result of the incident.”
How effective are identity theft protection services in preventing fraud? That’s extremely difficult to judge, since the data is “fairly green,” said Hollis. A March 2017 report by the Government Accountability Office found that “when selecting a vendor to provide identity theft services, companies consider a variety of factors, but generally do not directly assess the effectiveness of each provider’s services, according to breached companies and experts with whom we spoke.”
The biggest benefit for employers and employees may be peace of mind-and thus higher productivity.The federal government is no stranger to picking up after cyberattacks, either. After a 2015 breach, the U.S. Office of Personnel Management entered into contracts worth $240 million for identity theft services for federal employees, according to the GAO report. The report noted that early last year the Obama administration proposed for the fiscal year 2017 budget that identity theft services be added as an employee benefit.
Should another breach happen, the General Service Administration does have contracts with IdentityForce to provide identity monitoring and data breach response services for affected workers, and with Identity Theft Guard Solutions, which does business as ID Experts.