Only 10% of respondents from a study presented by the Identity Defined Security Alliance (IDSA) didn’t have an identity-related incident in the last 12 months, consistent with last year’s report.
“Identity-related incidents are on the rise, emphasizing the need for strong identity security measures,” says Jeff Reich, executive director at IDSA. “Many of today's major breaches result from sophisticated phishing and social engineering attacks or not having multi-factor authentication. These incidents not only impact operations, they cost a fortune — UnitedHealth experienced a $872 million loss from the Change Healthcare cyberattack. And they can also lead to significant drops in stock prices and lasting reputational damage. With identity threats becoming more severe, it's crucial for organizations to strengthen their identity security frameworks to better protect against these growing challenges."
Key takeaways:
- 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023. The most significant impact, seeing a measurable rise this year, was distracting from core business (52%), followed by the cost of recovering from the breach, which dropped from No. 1 this year but increased from 33% to 47%. Close behind and keeping third place is the negative impact on the company’s reputation, notably increasing from 25% to 45%.
● 22% of businesses see managing and securing digital identities as the No. 1 priority of their security program, up from 17% in 2023.
● 89% of organizations are concerned with employees using corporate credentials for social media.
● 91% of organizations invoked their incident response plans, double of 2023 and 32% invoked their plans more 3-5 times.
● Consistent with 2023, 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security.
● 96% of respondents report artificial intelligence (AI)/machine learning (ML) will be beneficial in addressing identity-related challenges, with 71% stating the No. 1 use case is identifying outlier behaviors.
● 81% of identity stakeholders see passwordless authentication as a solid technology for addressing identity issues.
● Down slightly, 93% of identity stakeholders said that security outcomes could have lessened the business impact of incidents.
● 37% of respondents said implementing MFA for all users could have prevented or minimized the effect of incidents, followed by timely reviews of access to sensitive data (42%) and privileged access (50%).
● 99% of businesses reported they are planning to further invest in security outcomes in the next 12 months.