Report: 90% of organizations experienced an identity-related incident in the last year
This week, the Identity Defined Security Alliance (IDSA) released its 2024 Trends in Identity Security Report, which is based on an online survey of more than 520 identity and security professionals from organizations with more than 1,000 employees.
The nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies said its report provides a deep dive into the challenges companies continue to face in securing the rapidly growing number of identities and the approaches organizations are taking toward security and identity.
According to the report, 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023.
The most significant impact — seeing a measurable rise this year — was distracting from core business (52%), followed by the cost of recovering from the breach, which dropped from No. 1 this year but increased from 33% to 47%.
Close behind and keeping third place is the negative impact on the company’s reputation, notably increasing from 25% to 45%.
The study also revealed that only 10% of respondents didn’t have an identity-related incident during the past 12 months, consistent with last year’s report.
“Identity-related incidents are on the rise, emphasizing the need for strong identity security measures,” IDSA executive director Jeff Reich said in a news release. “Many of today’s major breaches result from sophisticated phishing and social engineering attacks or not having multi-factor authentication.
“These incidents not only impact operations, they cost a fortune — UnitedHealth experienced a $872 million loss from the Change Healthcare cyberattack,” Reich continued. “And they can also lead to significant drops in stock prices and lasting reputational damage.
“With identity threats becoming more severe, it’s crucial for organizations to strengthen their identity security frameworks to better protect against these growing challenges,” Reich went on to say.
IDSA broke down other key research findings into three categories, including:
The state of identity security in 2024
—22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2023.
—89% of organizations are concerned with employees using corporate credentials for social media.
—91% of organizations invoked their incident response plans, double of 2023 and 32% invoked their plans more three to five times.
How 2024 trends impact identity security
—Consistent with 2023, 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security.
—96% of respondents report artificial intelligence and machine learning will be beneficial in addressing identity-related challenges, with 71% stating the No. 1 use case is identifying outlier behaviors
—81% of identity stakeholders see password-less authentication as a solid technology for addressing identity issues.
Security outcomes remain a work in progress
—Down slightly, 93% of identity stakeholders said that security outcomes could have lessened the business impact of incidents.
—37% of respondents said implementing multi-factor authentication for all users could have prevented or minimized the effect of incidents, followed by timely reviews of access to sensitive data (42%) and privileged access (50%).
—99% of businesses reported they are planning to further invest in security outcomes in the next 12 months.
To download the full report, go to this website.