90 percent of organizations experienced an identity-related incident in the last year – Security Today

Study: 90 percent of organizations experienced an identity-related incident in the last year

Identity-related incidents continue to dominate headlines. Clorox, MGM and Caesars fell victim to social engineering, while 23andMe suffered a breach through a hacking method called credential stuffing and UnitedHealth lacked multi-factor authentication (MFA). Although these companies made headlines due to the scale of the breach, today’s study found that only 10% of respondents did not have an identity-related incident in the past 12 months, which is consistent with last year’s report.

A staggering 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023. The most significant impacts that saw a measurable increase this year were distraction from core business (52%), followed by the cost of recovering from the breach, which, while down from first place this year, increased from 33% to 47%. Close behind and in third place is the negative impact on company reputation, which increased significantly from 25% to 45%.

“Identity-related incidents are on the rise, underscoring the need for strong identity security measures,” said Jeff Reich, Executive Director at IDSA. “Many of today’s major breaches are the result of sophisticated phishing and social engineering attacks or the lack of multi-factor authentication. Not only do these incidents impact operations, they also cost a fortune – UnitedHealth suffered $872 million in losses from the Change Healthcare cyberattack. And they can also lead to significant stock price declines and lasting reputational damage. With identity threats increasing, it’s critical for organizations to strengthen their identity security frameworks to better protect against these growing challenges.”

Key research findings:

The state of identity security in 2024

• 22% of organizations view managing and securing digital identities as the top priority of their security program, up from 17% by 2023.
• 89% of organizations are concerned about employees using corporate credentials for social media.
• 91% of organizations activated their emergency response plans, twice as many as in 2023, and 32% activated their plans three to five times more than in 2023.

How trends will impact identity security in 2024

• In 2023, 89% of organizations are somewhat or very concerned that new data protection regulations will impact identity security.
• 96% of respondents say AI/ML will help address identity-related challenges, with 71% saying the top use case is identifying outlier behavior.
• 81% of identity stakeholders view passwordless authentication as a solid technology for solving identity problems.

Safety results remain pending

• With a slight decrease, 93% of identity stakeholders said that the business impact of incidents could have been reduced through security-related measures.
• 37% of respondents said that implementing MFA for all users could have prevented or minimized the impact of incidents, followed by timely reviews of access to sensitive data (42%) and privileged access (50%).
• 99% of companies said they plan to make further investments in their security over the next twelve months.