79% of Organizations Have Experienced an Identity-Related Security Breach in the Last Two Years According to New Identity Defined Security Alliance Study

Along with Study, IDSA Publishes Identity Defined Security Outcomes Library to Help Organizations Make Sense of Complex Identity and Security Technology Landscape


DENVER, May 14, 2020 (GLOBE NEWSWIRE) -- The Identity Defined Security Alliance (IDSA), an industry alliance that helps organizations leverage existing cybersecurity investments to establish a stronger security posture, today released a study titled, “Identity Security: A Work in Progress,” which is based on an online survey of 502 IT security and identity decision makers. The report highlights trends in identity-related security and what forward thinking companies are doing differently to reduce the risk of a breach.

The number of workforce identities in the enterprise is growing dramatically, largely driven by DevOps, automation, and an increase in enterprise connected devices, which will only continue to accelerate identity growth. At the same time, compromised identities remain one of the leading causes of a data breach. According to the study, the vast majority of IT security and identity professionals have experienced an identity-related breach at their company within the past two years, with nearly all of them reporting that they believe these breaches were preventable.

“When approaching identity security, professionals must first consider a range of desired outcomes, or results they want to achieve, and then chart their paths accordingly,” said Julie Smith, executive director of the IDSA. “According to security and identity professionals, these outcomes are still a work in progress, with less than half reporting that they have fully implemented any of the identity-related security outcomes that the IDSA has initially identified as critical to reducing the risk of a breach. In fact, the research shows a clear correlation between a focus on identity-centric security outcomes and lower breach levels.”

Key Research Findings

  Identity-related breaches are ubiquitous

  • 94% have had an identity-related breach at some point
  • 79% have had an identity-related breach within the past two years
  • 66% say phishing is the most common cause of identity-related breaches
  • 99% believe their identity-related breaches were preventable

  Identity security is a work in progress

  • Most identity-related security outcomes are still in progress or planning stages
  • Less than half have fully implemented key identity-related security outcomes
  • 71% have made organizational changes to the ownership of identity management

  Forward-thinking companies are showing results

  • Forward-thinking companies are much more likely to have fully implemented key identity-related security outcomes
  • Only 34% of companies with a “forward-thinking” security culture have had an identity-related breach in the past year — far fewer than the 59% of companies with a “reactive” security culture

Identity Defined Security Outcomes Library
Today, the IDSA also published its latest iteration of the Identity Defined Security Framework. In addition to IDSA Best Practices, the framework now also consists of a library of identity defined security outcomes and implementation approaches. An Identity Defined Security Outcome is a desired result that improves an organization’s security posture and reduces the risk of a breach or failed audit. Included with each Identity Defined Security Outcome are vendor-neutral implementation approaches, which are well-defined patterns that combine identity and security capabilities. The library will continue to be expanded in the coming months.

To access the IDSA’s Identity Defined Security Outcomes library, visit https://securityoutcomes.idsalliance.org/.

To download “Identity Security: A Work in Progress,” visit https://www.idsalliance.org/identity-security-a-work-in-progress/.

Additional commentary can also be found on the IDSA blog https://www.idsalliance.org/blog/.

Survey Methodology
Dimensional Research conducted an independent online survey of IT security and identity professionals in the United States. A total of 502 qualified participants completed the survey. All had responsibility for IT security decision making at a company with more than 1,000 employees. Participants included a mix of roles, company sizes, and vertical industries.

About Dimensional Research
Dimensional Research® provides practical market research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT. We understand how technology organizations operate to meet the needs of their business stakeholders. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information, visit dimensionalresearch.com.

About the Identity Defined Security Alliance
The IDSA is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of thought leadership, expertise and practical guidance on identity centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices and resources.

Follow the IDSA
Join the Community: https://forum.idsalliance.org/
Twitter: www.twitter.com/idsalliance
LinkedIn: www.linkedin.com/company/identity-defined-security-alliance/ 
Blog: https://www.idsalliance.org/blog/ 

Contacts
Industry Contact:
Identity Defined Security Alliance
Julie Smith, 303-324-3159
julie@idsalliance.org