Identity Threat and Assessment Prediction (ITAP)

Download the 2019 ITAP Report.

Identity Threat Assessment and Prediction (ITAP) is a risk assessment tool that increases fundamental understanding of identity theft processes and patterns of criminal behavior. ITAP aggregates data on identity theft to analyze and describe identity vulnerabilities, the value of identity attributes, and their risk of exposure.

The ITAP research program provides insight into the habits and methods of identity thieves. The ITAP model discovers the identity attributes most vulnerable to theft, assesses their importance, and determines the personally identifying information (PII) most frequently targeted by thieves. In doing so, ITAP intends to offer behavioral and cognitive recommendations to thwart future identity theft crimes.

The analytical repository of ITAP offers identity solutions relevant to people, organizations, and devices across multiple domains, including financial services, consumer services, healthcare, education, defense, energy, and government. ITAP seeks to provide an unprecedented level of awareness throughout the identity threat environment. Our goal is to use ITAP to deliver actionable knowledge grounded in analyses of past threats and countermeasures, current threats and solutions, and evidence-driven forecasts.

2019 ITAP Report

The 2019 ITAP report provides a summary of the latest statistics and findings from the ITAP project.  Key takeaways from the 2018 report include the following:

  • While we often think of cyber threats to be conducted by remote external hackers, this research finds that insider threats often take advantage of internal organizational knowledge to exploit cyber- vulnerabilities and perpetrate identity theft and fraud. An alarming 37% of these international cases involved only insiders and 8% involving both persons inside and outside the impacted organization. 
  • Cyber vulnerabilities represent almost 75% of the cases, indicating the significant use of computers and the internet to execute these crimes.
  • As found in prior 2018 UT CID ITAP research investigating U.S. identity theft and fraud cases, international victims come from all income levels but victims are most often college graduates as compared to other victim educational backgrounds.
  • Of all the consequences and loss experienced by victims—such as financial loss, property loss, and reputation damage—it is emotional distress that is most frequently reported by victims, ranging from medium to high levels of emotional trauma.
  • The four international market sectors most affected by identity theft and fraud internationally match the top four most affected U.S. market sectors as reported in the 2018 UT CID ITAP Report: Healthcare, Government, Consumer Services, and Financial Services.
  • Many of these international cases involve three of the PII types typically found in one’s wallet: “What you HAVE,” “What you KNOW,” and “What you ARE.”  “What you HAVE” credentials in particular are used in an extremely high percentage of international cases (85%) examined for this report. Over half the cases also involve “What you ARE” biometrics and “What you KNOW” biographical information. 
  • Behavioral biometrics of the type “What you DO” were involved in a relatively small percentage (5%) of the cases, but speak to an increasing amount of behavioral surveillance and consequential privacy risks.
  • The top 5 most frequently exposed, lost, stolen, or used fraudulently as part of the investigated cases are also some of the most public types of information. 
  • While the globally ubiquitous internet may represent the point of entry for a large percentage of international cases, the overall impact is limited, well-defined and “local,” with relatively few multi-national cases.

Download the 2017 ITAP report.