94 percent of organizations suffer identity-related breaches
According to a new survey, 79 percent of organizations have experienced an identity-related breach in the last two years, while 94 percent report having had one at some point.
The study from the The Identity Defined Security Alliance (IDSA), based on a survey of over 500 IT security and identity decision makers conducted by Dimensional Research, finds that 66 percent say phishing is the most common cause of identity-related breaches, while 99 percent believe their breaches were preventable.
"When approaching identity security, professionals must first consider a range of desired outcomes, or results they want to achieve, and then chart their paths accordingly," says Julie Smith, executive director of the IDSA. "According to security and identity professionals, these outcomes are still a work in progress, with less than half reporting that they have fully implemented any of the identity-related security outcomes that the IDSA has initially identified as critical to reducing the risk of a breach. In fact, the research shows a clear correlation between a focus on identity-centric security outcomes and lower breach levels."
Despite these breaches, less than half of organizations have fully implemented key identity-related security outcomes. However, 71 percent have made organizational changes to the ownership of identity management.
Corporate culture seems to have a role to play, with just 34 percent of companies with a 'forward-thinking' security culture reporting an identity-related breach in the past year -- far fewer than the 59 percent of companies with a 'reactive' security culture.