New Cybersecurity Survey Indicates 3 in 5 Companies Expect to Be Breached in 2017
SailPoint found that 67% of organizations that reported being breached in 2016 suffered an average material impact of $4 million to the business.
AUSTIN, Texas – SailPoint, a provider of enterprise identity management solutions, announced the results of its 9th Annual Market Pulse Survey, which looks at how enterprises are changing their approach to security amid an evolving threat landscape.
The 2017 survey found that of the 67% who reported being breached in 2016, the average material impact to the business was $4 million. The survey also found that 51% of companies suffered two or more breaches in the last 12 months. Three in 5 organizations to be breached in 2017, with 33% believing they won’t even know they were breached when it happens.
As a result, survey respondents are focused on mitigating their exposure points as an organization, with the majority (87%) seeing identity management as a foundation of their security strategy.
The SailPoint Market Pulse Survey provides a global benchmark into how IT decision-makers are navigating today’s compliance and security challenges. The company commissioned independent research firm Vanson Bourne to interview 600 senior IT decision-makers at organizations with at least 1,000 employees across the United States, Australia, France, Germany, Italy and the United Kingdom.
The report found common areas of risk that organizations need to address:
Documents and files may be an enterprise’s biggest downfall in 2017: Unstructured data that lives outside of structured corporate systems and applications is a huge red flag for enterprises today – even though that data runs rampant through a typical enterprise, 71% aren’t sure how to manage and protect that data from theft.
Employees need to understand and follow corporate security policies: Over one-third of respondents cite trends like Bring-Your-Own-Device (BYOD) and Shadow IT as great areas of risk for their organization, yet less than half have formalized corporate security policies in place. Coupled with the risks posed by continued poor password hygiene cited by 37% of respondents, it’s clear that enterprises need to better outline and enforce corporate security policies, company-wide.
READ NEXT: How to Enhance Value Proposition and RMR Potential With Managed Service Providers
The contractor workforce is an enterprise blind spot: The surge in freelancers, contract workers and other third parties that make up today’s diverse workforce presents a significant challenge for organizations as it relates to managing identities and their access. Sixty percent of respondents are concerned with the threat that contractors may pose to their organization, with 86% admitting they only have partial visibility into the access contractors have to corporate systems and the sensitive data that lies within.
“This year’s Market Pulse Survey highlights that the conversation is clearly changing as organizations consider how to mitigate their risk – or minimize their exposure when a breach happens,” says SailPoint CMO Juliette Rizkallah. “This is a positive change, as fostering open conversations and best practices will only benefit these organizations when they find themselves in the unfortunate position of being breached. The common areas of exposure can be addressed, but many organizations are struggling with how or even where to start. This report provides a clear roadmap for them to get their house in order.”
The survey also reveals that IT decision-makers now view identity as the center of their security program. Consider:
- 60% of respondents are concerned about proper visibility into who has access to what across their corporate network, with a majority (73%) admitting that if their CEO’s email was hacked, they wouldn’t immediately know what their exposure points were.
- Nearly all (87%) of respondents now understand the importance of having strong identity governance controls in place across their organization’s entire IT infrastructure, especially when it comes to showcasing that those controls are in place to their board of directors.
- The benefits of an identity governance program are clear, with respondents citing enhanced security (72%), a more automated and efficient organization (71%), and business enablement (65%), as key business benefits.
- Specific to European respondents, as the GDPR compliance deadline looms, compliance bubbled to the top as a key goal and driver behind identity governance programs for nearly three-quarters (73%) of UK respondents, and nearly half of German (42%) and French (49%) respondents.
“It’s clear that now more than ever before, organizations better understand what – and where – their risks are, and that identity management can help address those risks. Identity provides that ability to put the detective and preventive controls in place to address all of these exposure points, while automating many identity-related processes to ensure that only the right people have the right access to applications and data at the right time,” says Rizkallah. “By putting identity at the center of security and IT operations, these organizations can move their IT teams out of full-time firefighting mode, freeing them up to focus on enabling the business to move forward, confidently and securely.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!