Why 84% Of US Firms Hit With Identity-Related Breaches In 2021

In a recent poll* of 500 US identity and security professionals the non-profit Identity Defined Security Alliance (IDSA) found that 84% had an identity-related breach in the past year, with 78%  experienced a  direct business impact as a result of the breach. Key Points:

Identity growth continues, making identity a top security priority

  • 98% Said the number of identities is increasing, primarily driven by cloud adoption, third party relationships, and machine identities.
  • 64% Have identified identities as among the Top 3 priorities for their security program

Risky behavior reduced when executives put focus on identity security

  • 71% Have executives who speak publicly to employees about password security
  • 60% Of IT/Security Stakeholders admitted to risky security behaviors

Investments in security outcomes still a work in progress, focus on basics lacking

  • 97% Will be investing in identity-focused security outcomes, the same as last year
  • MFA Is a key focus area, particularly for privileged users and employees
Notify of
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Oz.alashe , CEO
InfoSec Expert
June 23, 2022 2:20 pm

It’s unsurprising that phishing once again rises to the top of identity-related attack, with 64% of respondents noting that protection measures are a top priority, and fully 59% sharing that they’ve experienced a significant phishing attack in the last year. It’s time to move past reliance on first-gen “gotcha” phishing training, which educates valuable employees by “naming and shaming” them on lapses and missteps. The fact is that people aren’t the organization’s weakest link – they are and must be treated as among its greatest assets. Other classes of cybersecurity tools have advanced to the point where they provide real-time interventional assistance and intelligence that actually boosts both effectiveness and morale. It’s time for employee awareness training to similarly advance.

Last edited 13 days ago by oz.alashe
Information Security Buzz
Would love your thoughts, please comment.x