Lack of adequate investments hinders identity security efforts

Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA).

Protecting digital identities

As identities continue to significantly grow, identity stakeholders are faced with an increasing number of barriers without the needed support from leadership. A staggering 49% report that their leadership teams understand identity and security risks and proactively invest in protection before suffering an incident, while 29% only engage and support after an incident.

“As cloud adoption, remote work, mobile device usage, and third-party relationships drive up the number of identities, more and more organizations are suffering from identity-related incidents,” said Jeff Reich, Executive Director, IDSA.

“Protecting digital identities has never been more important in the fight against increasingly savvy cyberattacks. And while managing and securing identities continues to be called out as a top priority by organizations, meaningful shifts in proactive investment and leadership are necessary to reduce risk,” Reich continued.

Protecting digital identities has never been more crucial as cyberattacks rapidly increase in sophistication and volume. Organizations need to ensure only the right people have access to the right data, networks, and systems and that they use technologies effective at preventing malicious actors from gaining access to sensitive information.

The research finds that as the number of identities increases, more businesses are suffering identity-related incidents and are prioritizing securing them as a critical priority. Securing these identities remains a significant challenge for most organizations and security outcomes are a work in progress.

Identity-related challenges

Number of barriers and a lack of proactive investment from leadership presents biggest challenge

• Top two barriers for security teams are identity frameworks being complicated by multiple vendors and different architectures (40%) and complex technology environments (39%)
• Respondents also identified insufficient budget (30%), a lack of expertise (29%), standards (26%), people (25%), and governance (23%) as barriers
• Only 49% of identity stakeholders said their leadership teams understand identity and security risks and proactively invest in protection prior to an incident

Identity growth continues, making identity a top security priority

• 55% report that the adoption of more cloud applications is the main reason for an increase in the number of identities
• Other critical factors driving identity growth were identified as the rises in remote work (50%), mobile device usage (44%) and third- party relationships (41%)
• 86% of respondents say managing and securing identity is one of the top five priorities of their security program

2023 trends are impacting identity security

• 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security
• 98% of respondents report AI/ML will be beneficial in addressing identity-related challenges, with 63% stating the number one use case is identifying outlier behaviors
• Social media is a key concern for businesses, with 90% saying they were slightly or very worried about employees using corporate credentials for their social media accounts

Investments in security outcomes improving, but still a work in progress

• 96% of identity stakeholders said that security outcomes could have lessened the business impact of incidents
• 42% of respondents said implementing MFA for all users could have prevented or minimized the effect of incidents, followed by timely reviews of access to sensitive data (40%) and privileged access (34%)
• 97% reported that they are planning to further invest in security outcomes in the next 12 months