Half of firms just starting with identity security amid growing threat

Nearly half of businesses are just beginning to address identity security despite growing threat of identity-based attacks, according to SailPoint Technologies Holdings.

Based on SailPoint’s June 2022 survey of nearly 350 cybersecurity executives across North America, Latin America, Asia and Europe, investing in identity security is no longer optional—and the cost of inaction is rising. 

Five in every six (84%) of organisations worldwide have experienced an identity-related breach, with 96% believing those incidents could have been prevented.

In addition to the cost of the breach itself, new regulations can impose costly fines. While maintaining compliance is not always an insignificant cost, non-compliance can be many times more expensive.

GDPR, for example, stipulates up to 4% of global revenue in fines for non-compliance. 

According to the report, machine identities make up 43% of all identities for the average enterprise, followed by customers (31%) and employees (16%). 

It’s no coincidence that machine identities and customer identities are the two identity types projected to grow at the fastest rate over the next three to five years. Notably, the total number of identities is projected to grow by 14% over that same span. 

“The truth is that almost every enterprise understands identity security is a challenge, but many of them don’t know where to begin,” said Matt Mills, SailPoint’s president of worldwide field operations. 

“Our hope is that by establishing a maturity model that both vendors and consumers can reference, we can create common ground upon which enterprises can reach full maturity faster, and without the growing pains that many endure as they search for answers,” said Mills.

The report shows that 45% of companies are still at the beginning of their identity journey. This means they have the unique opportunity to take advantage of today’s technology to build a comprehensive, AI-enabled approach to identity security from the ground up. 

“As enterprise identity needs move beyond human capacity, this approach has quickly become table stakes,” said Mills. “Not only that, but identity security has risen to the top as business essential to securing today’s enterprise.” 

Further, high-tech companies tend to have the highest level of identity security maturity, according to the report, followed by financial services and security firms. Media and entertainment and transportation, on the other hand, have the most room for growth. 

Of companies with the highest identity security maturity, 71% are large enterprises and 64% are located in North America, compared with 21% in Europe and 14% in the Asia-Pacific region. 

“It’s alarming that APAC enterprises of all sizes are trailing far behind in terms of identity security maturity,” said Chih-Feng Ku, SailPoint director of solution engineering in APAC. 

“Given that cyber attacks can cause business disruptions, damage of reputation and financial loss, enterprises must ensure identity security is at the foundation of their cybersecurity strategy,” said Ku.