Just 1 in 10 firms enjoy a mature identity security tack

Image courtesy of CyberArk

Only 9% of global firms are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments, according to a report from CyberArk.

These transformative organisations have a well-rounded focus on implementing Identity Security tools, are inherently agile and display a “fail fast, learn faster” characteristic even in times of a successful cybersecurity attack.

The report features an Identity Security maturity model to help cybersecurity leaders assess their current strategies, uncover risks and take steps to strengthen cyber resilience.

The Enterprise Strategy Group (ESG) conducted a survey of 1,500 IT and security decision-makers in the third quarter of 2022. Respondents were based in the United States, Canada, Mexico, Brazil, Israel, Germany, the United Kingdom, Spain, Italy, Netherlands, Australia, Hong Kong, India, Japan, Singapore, Taiwan.

And while one-tenth of surveyed firms have mature strategies, 42% of global respondents’ Identity Security programs are in the earliest stage of maturity and lack foundational tools and integrations to quickly mitigate identity-related risk. 

An expanding identity attack surface, IT complexity and several organisational roadblocks contribute to this widespread Identity Security deficit. 

Amid a gap between strategy and outcome, 69% of global C-level executives believe they are making correct Identity Security-related decisions compared to 52% of all other personnel like technical decision makers and practitioners.

In APAC, only 60% of C-level executive believing that they are making correct Identity Security-related decisions. The gap highlights the perception that overall security can be achieved by making the right technology investments. 

Strategically maximising those investments to include implementation and integration with existing environments, breaking down silos and improved training are equally important.

With disparate endpoint data, 94% of APAC respondents believe that endpoint security or device trust and identity management are essential to a robust Zero Trust strategy, and 65% of APAC respondents believe the ability to correlate data is critical for effectively securing endpoints.

As a result of a successful cybersecurity attack tied to an identity-related or permission-/entitlement/credential-related incident in the last 12 months, APAC organisations suffered loss of customers/revenue (44%), paid compliance fines (47%), had difficulty responding to an audit/failed an audit (49%), and impact on the ability to provide services (51%).

Top reasons listed by APAC organisations that hold them back from optimising its strategy on identity-related security issues are the lack of cybersecurity staff (41%) as well as the competency to secure identities (38%).

Further, 58% of global organisations have two teams responsible for securing identities in the cloud and on-premises and rely on numerous point solutions, making it difficult to understand their real-time security posture.

“While 72% of APAC organisations admit to being a victim of identity-based attacks, this percentage is likely much higher as adversaries continue to successfully target and compromise identities at scale,” said Amita Potnis, director of Brand and Thought Leadership at CyberArk. 

“Our research indicates that many have already begun investing in [a holistic strategy], with 24% of organisations committing more than 10% of their overall cybersecurity budget their Identity Security programs this year,” said Potnis.