Measuring Identity Theft Risks with Balanced Scorecard

Depending on which source one listens to the number of incidents of identity theft range for 100 million to over 300 million every year… and the problem is apparently increasing.  Now, the previous sentence is filled with qualifiers, uncertainties and obfuscations.  That is part of the problem.  No one really knows how to determine the depth of the problem.  What we need is an identity Theft Scorecard.  We as a society know that it's happening and we know it's a problem.  (The average identity theft costs a person between $180.00 and $5,000.00… but again, we don't really know!).  One of the major difficulties in determining the severity of the problem is that a significant amount, some experts say even the majority, of identity theft goes unreported.What is needed is an Identity Theft countermeasures methodology that provides solid, objective, impartial and rational KPI (key performance indicators) to what can be a very emotion laden issue.  This “Identity Theft Metrics” would be an empirically accurate measurement of not only the costs associated with Identity theft, but also the number and type of victims and, perhaps, the number and type of perpetrators.  An Identity Theft Metrics would quantify a person's threats, vulnerabilities and provide a means to counteract those begin to address those areas of risk.  It would also, hopefully, provide the authorities with a means and methodology to track down the perpetrators of the crime and curtail their activities.  Once the KPI is determined it would allow management of the risks.  In other words, until we know the problem, and, in this case, the extent of it, it's impossible to find an effective and comprehensive solution.It's important to note, also, that any accurate Identity Theft Metrics will have as its core KPI a measurement of risk, not uncertainty.  Risk can be managed, uncertainty cannot.  This is an important distinction in the KPI because it highlights the areas which can be proactively addressed.  Once areas of risk or vulnerability are known they can be quantified and countermeasures can be developed to address them. Addressing these areas of vulnerability can be quantified in a KPI.  What cannot be measured is the unknown, the supposed or the hypothetical.  A team can become so obsessed with the “what ifs” that they neglect the primary task at hand, the combating of the actual and real threats.  Thus it is vital that a central premise of the KPI deals with real, not imagined, risk.As the economy becomes more and more digitized, incidents of harmful Identity Theft will continue to rise and become more statistically quantifiable.  As the vulnerability of people and corporations increases, so also must the ability to manage the risks.  Only by developing real, measurable, empirical Identity Theft Score cards that can be used as the basis of a workable Identity Theft Metrics with measurable KPI at its core can we hope to deal with the issue of Identity Theft in a viable and effective manner.