LAS VEGAS — The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, unveiled its 2024 Trends in Identity Security report, based on an online survey of over 520 identity and security professionals from organizations with over 1000 employees. This report provides a deep dive into the challenges companies continue to face in securing the rapidly growing number of identities and the approaches organizations are taking toward security and identity.
Identity-related incidents dominate today’s headlines. Clorox, MGM and Caesars fell prey to social engineering, while 23andMe suffered a breach as a result of a hacking method called credential stuffing, and UnitedHealth lacked multifactor authentication (MFA). Although these companies made headlines due to the extent of the breach, IDSA’s study revealed that only 10% of respondents didn’t have an identity-related incident in the last 12 months, consistent with last year’s report.
An astonishing 84% of identity stakeholders said incidents directly impacted their business, up from 68% in 2023. The most significant impact, seeing a measurable rise this year, was distracting from core business (52%), followed by the cost of recovering from the breach, which dropped from No. 1 this year but increased from 33% to 47%. Close behind and keeping third place is the negative impact on the company’s reputation, notably increasing from 25% to 45%.
“Identity-related incidents are on the rise, emphasizing the need for strong identity security measures,” said Jeff Reich, executive director at IDSA. “Many of today’s major breaches result from sophisticated phishing and social engineering attacks or not having multifactor authentication. These incidents not only impact operations, they cost a fortune — UnitedHealth experienced a $872 million loss from the Change Healthcare cyberattack. And they can also lead to significant drops in stock prices and lasting reputational damage.
“With identity threats becoming more severe, it’s crucial for organizations to strengthen their identity security frameworks to better protect against these growing challenges.”
Key Research Findings
The State of Identity Security in 2024
- 22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2023.
- 89% of organizations are concerned with employees using corporate credentials for social media.
- 91% of organizations invoked their incident response plans, double of 2023 and 32% invoked their plans more three to five times.
How 2024 Trends Impact Identity Security
- Consistent with 2023, 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security.
- 96% of respondents report AI/ML will be beneficial in addressing identity-related challenges, with 71% stating the No. 1 use case is identifying outlier behaviors
- 81% of identity stakeholders see passwordless authentication as a solid technology for addressing identity issues.
Security Outcomes Remain a Work in Progress
- Down slightly, 93% of identity stakeholders said that security outcomes could have lessened the business impact of incidents.
- 37% of respondents said implementing MFA for all users could have prevented or minimized the effect of incidents, followed by timely reviews of access to sensitive data (42%) and privileged access (50%).
- 99% of businesses reported they are planning to further invest in security outcomes in the next 12 months.
For more information, please download the full report.
About the Identity Defined Security Alliance
The IDSA is a group of identity and security vendors, solution providers, and practitioners that acts as an independent source of thought leadership, expertise, and practical guidance on identity-centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices, and resources. To learn more about memberships, please visit idsalliance.org/about-us/membership.
Follow IDSA
X (formerly Twitter): twitter.com/idsalliance
LinkedIn: linkedin.com/company/identity-defined-security-alliance
Blog: idsalliance.org/blog
