On April 27 2007 the Associated Press reported that the Caterpillar Corporation of Peoria, IL had been the victim of massive identity theft. The theft came in the form a stolen laptop containing employee information. Caterpillar employs over 90,000 people worldwide. All of them, in that instant, became potential victims of massive Identity Theft. The potential cost of that Identity Theft could be in the millions of dollars. The result? On the day the theft was announced Caterpillar’s shares rose 76 cents on the NYSE.
Depending on which source one listens to the number of incidents of Identity Theft range from 100 million to over 300 million every year… and the problem is increasing. Now, the previous sentence is filled with qualifiers, uncertainties and suppositions… and that is part of the problem. It is almost impossible to determine the severity of the problem of Identity Theft. One of the major difficulties in determining the severity of the problem is that a significant number of incidents of Identity Theft, some experts say even the majority, goes unreported.
What is needed is an identity Theft Scorecard. This Identity Theft Scorecard would be a tool that could be used to develop a series of Identity Theft countermeasures. The Identity Theft Scorecard should be a tool that provides solid, objective, impartial and rational KPI (Key Performance Indicators) to what can be a very emotion laden issue. With the information provided from these Identity Theft Scorecards an “Identity Theft Metrics” could be developed. This Metrics would be an empirically accurate measurement of not only the costs associated with Identity theft, but also the number and type of victims and, perhaps, the number and type of perpetrators. An Identity Theft Metrics would quantify threats and vulnerabilities and provide a means to begin to address those areas of risk. It would also, hopefully, provide a tool that could be used to determine the perpetrators of the crime and curtail their activities.
Any accurate Identity Theft Metrics will have as its core KPI a measurement of risk, not uncertainty. Risk is manageable, uncertainty isn’t. Once areas of risk or vulnerability are known they can be quantified and proactively addressed. What cannot be measured is the unknown, the supposed or the hypothetical. It is possible to become so obsessed with the “what ifs” that the primary task, the combating of the actual and real threats, is neglected. Thus it is vital that a central premise of the KPI deals with real, not imagined, risk.
As the economy is increasingly digitized and the vulnerability of people and corporations to Identity Theft increases, quantify the risks. Only by developing a real, measurable, empirical Identity Theft Metrics with measurable KPI at its core can we hope to deal with the issue of Identity Theft in an effective manner.