CyberArk announced the findings of a global survey that explores trends in Identity Security adoption and the relative maturity of organisations embarking on related strategies. Results show that only 9% of organisations are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments.
The report features an Identity Security maturity model to help cybersecurity leaders assess their current strategies, uncover risks and take steps to strengthen cyber resilience. Bold firms have reached the pinnacle of maturity having embraced a unified approach.
What were the results of this global survey?
“The Holistic Identity Security Maturity Model: Raising the Bar for Cyber Resilience” report features results from a survey of 1,500 cybersecurity professionals conducted by CyberArk and Enterprise Strategy Group (ESG), 73 of which are attached to Australian organisations.
Based on the global survey, the data-driven model identifies 9% of organisations as those with the most mature and holistic Identity Security strategies. These transformative organisations have a well-rounded focus on implementing Identity Security tools, are inherently agile and display a “fail fast, learn faster” characteristic even during successful cybersecurity attacks.
42% of the Identity Security programs of all the respondents, however, are in the earliest stage of maturity and lack the necessary foundational tools and integrations to quickly mitigate identity-related risk. An expanding identity attack surface, IT complexity and several roadblocks in the organisation’s setup contribute to this widespread Identity Security deficit.
Strategy and outcome gap
Of the 73 Aussie cybersecurity professionals surveyed, 78% (69% globally) of C-level executives believe they are making correct Identity Security-related decisions compared to 52%of all other global personnel (tech decision makers and practitioners). The gap highlights the perception that overall security can be achieved through the right technology investments.
But that is only part of the story. Strategically maximising those technology investments to include implementation and integration with existing environments, breaking down organisational and operational silos as well as improving training is equally important.
Disparate endpoint data and fragmented efforts
99% of Aussie respondents (compared to 92% globally) believe that endpoint security or device trust and identity management are essential to a robust Zero-Trust strategy, and 75% (compared to 65% globally) believe the correlating data is critical for securing endpoints.
According to the research, 58% of organisations globally have two teams responsible for securing identities in the firm’s cloud environment and on-premises and rely on numerous point solutions, making it challenging to come to grips with their real-time security posture.
What does this mean for business cybersecurity?
“While 63% of firms (and 99% Aussie firms) admit to being identity-based attack victims, this portion is likely much higher as foes continue to successfully target and weaken identities at scale,” said Amita Potnis, Director, Brand and Thought Leadership Marketing, CyberArk.
“The main focus for organisations looking to adopt a mature holistic Identity Security strategy is to secure access for all identities – human and machine – by breaking down organisational silos and adopting a consolidated and automated approach for Identity Security.”
“Our extensive research findings indicate that many businesses have already begun investing in this journey, with 24% of organisations globally committing more than 10% of their overall cybersecurity budget to their Identity Security programs this year,” she concluded.
Jack Poller, Senior Analyst at Enterprise Strategy Group, said, “This research uncovers the relationship between a strong Identity Security strategy and enhanced business outcomes. Frequent and timely maturity assessments can help ensure the right users have access to the right data, and that firms can act quickly enough to stop threats before they stop business.”