Authentication failures lead to lost customers

A new study carried out by the Ponemon Institute and sponsored by passwordless authentication platform company Nok Nok Labs, shows the significant costs to businesses that result from authentication failures and weaknesses.

According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders, the average business losses across all types of authentication weaknesses range from $39 million to $42 million.

Some of the consequences and economic losses created by system-level authentication weaknesses include excessive account recoveries, password resets, and susceptibility to automated attacks such as credential stuffing, where the attacker has a list of valid username and password credentials.

"Although it's not surprising, it is revealing to see how high the cost of a system-level authentication failure can be for an organization," says Larry Ponemon, chairman and founder of the Ponemon Institute. "Knowing the significant potential cost, the data in this report should enlighten and motivate organizations to re-examine their security processes, access control methods and drive strategic alignment to mitigate system authentication weaknesses and related business risks."

The survey shows significant gaps in understanding. Only 32 percent of IT security respondents and 44 percent of IT security leaders say their organizations have a high level of control over their authentication processes while 67 percent of line of business respondents are confident in their organizations’ controls.

Similarly, 66 percent of LoB respondents say their organizations are very prepared or highly prepared to reduce the risk of authentication failures compared to just 40 percent of IT security staff respondents.

When it comes to confidence in being able to distinguish 'real' users from criminal imposters using stolen credentials, 66 percent of IT security staff respondents say it is very difficult or difficult compared to 48 percent of LoB.

"This data is clearly eye-opening to the sizable risks and costs incurred when organizations do not properly address authentication failures that arise from system-level processes and workflows," says Phil Dunkelberger, CEO of Nok Nok. "The gap that exists between the line of business and IT sides of the organization is alarming. It is clear that internal end-user authentication failures have many risks and incurred costs where the security environment is fairly controlled, meaning where an enterprise controls employee authentication hardware and platforms. Similarly, the same risks and even increased costs must exist where the organization enterprise has little or no control over the devices, platforms or connectivity used by its millions of customers in customer-facing authentication applications."

You can get the full report from the Nok Nok site.

Image credit: F8 studio / Shutterstock