IDSA: Only 49% of Firms Invest in Identity Protection Before Incidents

Written by

Only 49% of leadership teams proactively invest in identity protection solutions before a security incident. Just 29% take action to support and invest in identity and security protection after they have already experienced a security incident.

The numbers come from the Identity Defined Security Alliance (IDSA)’s latest report, published on Tuesday.

The 2023 Trends in Securing Digital Identities report, based on an online survey of over 500 identity and security professionals, found that 90% of respondents reported at least one security incident in the last 12 months, a 6% increase from last year’s report.

The IDSA report also identified the top two barriers for security teams as identity frameworks complicated by multiple vendors and different architectures (40%) and complex technology environments (39%).

The vast majority of respondents (89%) said they were somewhat or very concerned that new privacy regulations would impact identity security. At the same time, 98% of them said artificial intelligence and machine learning (AI/ML) would be beneficial in addressing identity-related challenges.

Read more on privacy regulations: Six Foundations of Data Privacy Regulation

According to Jeff Reich, executive director of IDSA, cloud adoption, remote work, mobile device usage and third-party relationships are substantially driving up the number of identities used online, with a corresponding increase in identity-related incidents.

“Protecting digital identities has never been more important in the fight against increasingly savvy cyber-attacks,” Reich explained. “And while managing and securing identities continues to be called out as a top priority by organizations, meaningful shifts in proactive investment and leadership are necessary to reduce risk.”

Case in point, almost all identity stakeholders (96%) said that security outcomes could have lessened the business impact of incidents. Meanwhile, 42% said implementing multi-factor authentication (MFA) for all users could have prevented or minimized the effect of incidents.

What’s hot on Infosecurity Magazine?