close
close

Identity-related incidents are becoming increasingly serious and costing companies a fortune

Due to increasing identity diversity and system complexity, more companies than ever are affected by identity-related incidents, according to IDSA.

Identity-related incidents are increasing

Identity-related incidents in the headlines

Identity-related incidents continue to dominate the headlines today. Clorox, MGM, and Caesars fell victim to social engineering, while 23andMe suffered an attack through a hacking method called credential stuffing and UnitedHealth lacked multi-factor authentication (MFA).

Although these companies made headlines due to the magnitude of the breach, the study found that only 10% of respondents had not experienced an identity-related incident in the past 12 months, which is consistent with last year’s report.

A staggering 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023. The most significant impacts that saw a measurable increase this year were distraction from core business (52%), followed by the cost of recovering from the breach, which, while down from first place this year, increased from 33% to 47%. Close behind and in third place is the negative impact on company reputation, which increased significantly from 25% to 45%.

“Identity-related incidents are on the rise, underscoring the need for strong identity security measures,” said Jeff Reich, Executive Director at IDSA. “Many of today’s major breaches are the result of sophisticated phishing and social engineering attacks or the lack of multi-factor authentication. Not only do these incidents impact operations, they also cost a fortune – UnitedHealth suffered $872 million in losses from the Change Healthcare cyberattack. And they can also result in significant stock price losses and lasting reputational damage. As identity threats become more severe, organizations must strengthen their identity security frameworks to better protect against these growing challenges.”

The state of identity security in 2024

22% of organizations consider managing and securing digital identities a top priority of their security program (up from 17% in 2023). 89% of organizations are concerned about employees using corporate credentials for social media.

91% of organizations activated their emergency response plans, twice as many as in 2023, and 32% activated their plans three to five times more than in 2023.

In line with 2023, 89% of organizations are somewhat or very concerned that new data privacy regulations will impact identity security. 96% of respondents say AI/ML will help address identity-related challenges, with 71% saying the top use case is identifying outlier behavior.

81% of identity stakeholders view passwordless authentication as a solid technology for solving identity problems.

Declining slightly, 93% of identity stakeholders said the business impact of incidents could have been reduced through security-related measures. Thirty-seven percent of respondents said implementing MFA for all users could have prevented or minimized the impact of incidents, followed by timely reviews of access to sensitive data (42%) and privileged access (50%).

99% of companies said they plan to make further investments in their security over the next twelve months.

The 2024 Identity Security Trends report is based on an online survey of more than 520 identity and security professionals from organizations with over 1,000 employees.