Bad IAM Could Cost Organizations $5M per Year, Forrester Report Says

Bad IAM Could Cost Organizations 5 Million per Year Forrester Report Says

The enterprise security industry is failing, according to a new study from industry analyst house Forrester Research. The study, commissioned by Centrify, found an astonishing two-thirds of organizations experienced an average of five or more security breaches in the past two years, and hackers compromised more than one billion identities in 2016 alone.

Security perimeters, supported by digital walls and gatekeepers, are failing. The rapid introduction of new technologies, platforms, applications, and practices, are eroding that perimeter, and time after time, we’ve seen organizations that rely solely on firewalls and perimeter-based security fall victim to cyber-attacks that are, at the very least, embarrassing, and at worst, disastrously damaging.

With 90 percent of all enterprises moving to the cloud, and billions of users accessing data across millions of applications, enterprises face a flood of identities in and out of the enterprise, creating a new dimension in security accessed by one permission: the password.

For their study, clumsily titled Stop The Breach: Reduce the Likelihood Of an Attack Through An IAM Maturity Model, Forrester surveyed more than 200 enterprise IT security decision-makers in charge of identity and access management to assess the impact of strong IAM capabilities on organizational security.

Forrester’s study found that a shocking 83 percent of organizations do not have a mature approach to Identity and Access Management (IAM), resulting in two times more breaches and $5 million more in costs, on average. The study also found that 91 percent of organizations with the most mature IAM stances gravitate toward integrated IAM platforms, rather than relying on multiple point solutions, and spend 40 percent less on technology.

According to Forrester, more mature IAM approaches showed a direct correlation to reduced security risk, improved productivity, increased privileged activity management and greatly reduced financial loss over their less mature counterparts.

Organizations with the highest IAM maturity experience half the number of breaches as the least mature: they are 46 percent less likely to suffer a server or application breach, 51 percent less likely to suffer a database breach and 63 percent less likely to suffer cloud infrastructure breach.

Additionally, businesses that secure both regular and privileged access are less likely to experience a breach compared to those organizations that adopt fewer best practices. Forrester estimates that 80 percent of security breaches involve privileged credentials that typically belong to the IT professionals who administer the systems, databases, and networks of an organization.

Organizations with the least IAM maturity averaged over 12 breaches, more than twice the number of breaches of the most mature, and endure more than $5 million more in financial damage.

For more in-depth statistics, you can download the full study from Centrify here.

Jeff Edwards
Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff