New study shows: 90% of companies were affected by an identity-related incident in the last year, 84% reported direct business impact

With the rise of social engineering and sophisticated phishing, the Identity Defined Security Alliance offers insights to mitigate risk

LAS VEGAS, May 28, 2024 /PRNewswire/ — The Identity-defined security alliance (IDSA), a nonprofit organization that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, today launched its Trends in Identity Security 2024 Report based on an online survey of over 520 identity and security professionals from organizations with over 1,000 employees. This report provides a comprehensive look at the challenges organizations continue to face in securing the rapidly growing number of identities and the approaches organizations are taking around security and identity.

Identity-related incidents continue to dominate headlines today. Clorox, MGM and Caesars fell victim to social engineering, while 23andMe suffered a breach through a hacking method called credential stuffing and UnitedHealth lacked multi-factor authentication (MFA). Although these companies made headlines due to the magnitude of the breach, today’s study found that only 10% of respondents did not have an identity-related incident in the past 12 months, which is consistent with last year’s report.

A staggering 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023. The most significant impacts that saw a measurable increase this year were distraction from core business (52%), followed by the cost of recovering from the breach, which, while down from first place this year, increased from 33% to 47%. Close behind and in third place is the negative impact on company reputation, which increased significantly from 25% to 45%.

“Identity-related incidents are on the rise, underscoring the need for strong identity security measures,” said Jeff ReichExecutive Director at IDSA. “Many of today’s major security breaches are the result of sophisticated phishing and social engineering attacks or a lack of multi-factor authentication. These incidents not only impact operations, they also cost a fortune – UnitedHealth experienced a 872 million US dollars Losses from the Change Healthcare cyberattack. And they can also lead to significant share price losses and lasting reputational damage. With identity threats becoming increasingly serious, it is critical for organizations to strengthen their identity security frameworks to better protect themselves against these growing challenges.”

Key research findings:

The state of identity security in 2024

22% of organizations view managing and securing digital identities as the top priority of their security program, up from 17% by 2023.
89% of organizations are concerned about employees using corporate credentials for social media.
91% of organizations activated their emergency response plans, twice as many as in 2023, and 32% activated their plans three to five times more than in 2023.

How trends will impact identity security in 2024

In 2023, 89% of organizations are somewhat or very concerned that new data protection regulations will impact identity security.
96% of respondents say AI/ML will help address identity-related challenges, with 71% saying the top use case is identifying outlier behavior.
81% of identity stakeholders view passwordless authentication as a solid technology for solving identity problems.

Safety results remain pending

With a slight decrease, 93% of identity stakeholders said that the business impact of incidents could have been reduced through security-related measures.
37% of respondents said that implementing MFA for all users could have prevented or minimized the impact of incidents, followed by timely reviews of access to sensitive data (42%) and privileged access (50%).
99% of companies said they plan to make further investments in their security over the next twelve months.

For more information download the full report.

Identiverse 2024
Connect Panelists from Target, Intuit, Dimensional Research and IDSA discuss 2024 trends for securing digital identities at Tuesday, May 28 out of 1:00 p.m.–1:50 p.m. PT.

About the Identity Defined Security Alliance
The IDSA is a group of identity and security vendors, solution providers, and practitioners that serves as an independent source of thought leadership, expertise, and practical guidance on identity-centric security approaches for technology professionals. The IDSA is a nonprofit organization that fosters community collaboration to help organizations reduce risk by providing education, best practices, and resources. For more information on membership, visit https://www.idsalliance.org/about-us/membership/.

Follow IDSA:
X (formerly Twitter): Twitter: “Idsalliance”
LinkedIn: www.linkedin.com/company/identity-defined-security-alliance/
Blog: https://www.idsalliance.org/blog/

Media contact:
Angelique Lazy
Silver Jacket Communication
513.633.0897
(email protected)

Source: IDSA

Related Posts

A minor was arrested after a knife was pulled during a late-night brawl at West Salem High School

Moscow Stock Exchange suspends trading in dollars and euros

NOAA predicts larger-than-average “dead zone” in the Gulf of Mexico without oxygen