As information security budgets grow and funds are allocated to protect the defensive perimeter, many companies have overlooked the critical importance of digital certificate management. And a new study shows it could cost them up to $67.2 million over the next two years.
The study, a benchmarking report released today by Keyfactor and Ponemon Institute, also finds that 71% of IT pros believe that their organization does not know exactly how many keys and certificates it has.
“Digital identity is a critical component of any organization – its currency, really,” said Chris Hickman, Chief Security Officer at Keyfactor. “The Keyfactor-Ponemon study shows that organizations are spending an average of $18.2 million on IT security annually and only 14% of that is allocated to PKI. Yet the average company is managing upwards of 83,000 digital certificates to encrypt data and authenticate servers and secure data on IoT devices. The burden of PKI should be offset by technology that reduces risk and operational costs, improves efficiencies and automates certificate lifecycle management.”
Measuring the cost of unsecured digital identities
The report, titled “The impact of unsecured digital identities,” provides data-driven insights into the dangers and consequences of weak digital identity management. Key report findings include:
- When it comes to digital identity management, companies are in the dark: 71% of IT pros believe that their organization does not know how many keys and certificates it has.
- Mismanagement of digital certificates causes downtime and outages: 74% of respondents say digital certificates have caused and still cause unanticipated downtime or outages – at an average cost per organization of more than $11M.
- The consequences are costly: The total cost of downtime and outages averages $67.2 million per company over a period of two years. This is due to system administration and support time, lost productivity, immediate revenue loss and diminished brand reputation.
- Reputation is at stake: 73% of IT pros believe that failing to secure keys and certificates undermines the trust their organization relies upon to operate.
“The findings of our research with Keyfactor underscore the importance of digital identity management – it isn’t receiving the attention or resources that it requires,” said Dr. Larry Ponemon, founder of the Ponemon Institute. “Companies need to take steps today to put processes and technologies in place to proactively manage certificates and keys in the enterprise.”
“We know that many organizations struggle with properly and efficiently managing certificates and there’s a clear gap in understanding how critical it is, especially at the executive level,” continued Chris Hickman. “Unfortunately digital identity management is often siloed and assumed to be a pure IT function. This report should empower PKI and infosec teams to ask for the resources they need to fully manage and secure every digital identity.”
The study was conducted by Ponemon Institute on behalf of Keyfactor, and included responses from 596 IT and IT security practitioners in the United States across critical industries including financial services, healthcare and medical devices, retail and automotive.