A recent survey from SailPoint Technologies Holdings released at Infosecurity Europe illustrates the ongoing struggle that IT leaders have addressing frequent attacks from cyber criminals. The survey, conducted by research company Vanson Bourne, asked 400 IT decision-makers in the US, the UK and France to quantify both the number of data breaches experienced in the last 12 months and the resulting financial damage.
SailPoint found that 44% of organisations surveyed had suffered at least one data breach in the last 12 months. More worrisome is that organisations clearly have their work cut out for them: of those reporting a data breach, the average was almost 30 data breaches per organisation in the last 12 months. These breaches cost the organisations nearly £700,000 (or nearly $1m) to address from an IT perspective, which excludes fines, lost revenue and brand damage.
Perhaps the most troubling survey finding, however, is that nine percent of IT leaders could not confidently say whether or not their organisations had been breached at all. This demonstrates a continued, clear lack of visibility within organisations today that not only exposes them to data breaches, but also regulatory fines. For example, organisations found non-compliant face massive fines, which can be four percent of global annual revenue, as the General Data Protection Regulation (GDPR) takes effect.
“IT leaders face an uphill battle. Hackers are increasingly more sophisticated and more organised, and governments are adding new layers of complexity with regulations like GDPR,” said Paul Trulove, Chief Product Officer of SailPoint. “Yesterday’s security strategies are simply not sufficient to address these security and compliance requirements. Implementing a comprehensive identity governance program helps organisations answers the critical questions of who has access to what, who should have access to what, and how is that access being used, providing the much-needed visibility into today’s hybrid, constantly evolving IT environment.”
By implementing a comprehensive identity governance strategy that secures and enables identities for all users, across all applications and all data as the cornerstone of modern security and IT operations, enterprises can reduce exposure points and strengthen their overall security posture.