How Much do Passwords Cost your Business?

It’s well known that breaches can have serious financial implications on a company. The Equifax data breach in 2017 could cost the company nearly $450 million, and with GDPR now in play, businesses of all sizes could face sky-high fines if they don’t report data breaches to the relevant authorities within 72 hours.

With weak, stolen or reused passwords being the cause of 81% of breaches, companies need to ensure that there aren’t any gaps in their password management. But often, business leaders won’t address an issue unless there’s a financial incentive to do so. So, let’s take a look at the price of passwords in the enterprise.

High support costs 
The cost of supporting password systems, including staffing and infrastructure, can be significant for today’s digital businesses. Forrester’s recent survey of network security decision makers found that several large organizations allocate over £700,000 annually just for password-related support costs. While seven figure price tags might not break the bank of large corporations, a single password reset can cost just over £50 which alone can be a financial burden for smaller organizations.

There are concerted efforts to introduce automation tools, such as SAML (Security Assertion Markup Language)-based web single sign on (SSO), to alleviate the password burden which is a step in the right direction in terms of both user experience and security. Unfortunately password support costs continue to rise because many companies rely on legacy systems that don’t support SAML, and upgrading to modern technology is also expensive – so it’s a solution for the future, not for now. 

When not properly addressed at an end-user level, as long as passwords remain the most common method of user authentication, the need for costly support will persist. It’s not all bad news though, as implementing an enterprise password management (EPM) solution, can make managing passwords a painless task.

Insider attacks 
According to research, 24% of breaches in the last 12 months were the result of an internal attack, which shouldn’t be surprising if you consider that many businesses are still relying on a shared spreadsheet or document to store passwords.

With the average adult possessing more than 25 online accounts, it is no wonder that employees fail to maintain strong password discipline, for example having strong, unique passwords for every system they access. Instead, the same passwords are being used across multiple accounts, which further increases the risk of both internal and external breaches.

While employers may think that storing passwords in a known location that’s easy to access will avoid password loss and keep productivity high, in reality, the potential costs from a breach far outweigh this.

If businesses are relying on spreadsheets, or a similar public method of storing passwords, they should reconsider their security policy to ensure the best practices are being followed. Employee education, as well as introducing effective password management technology is key to helping reduce the danger of sensitive data being accessible to everyone inside the company, and potentially, getting into the wrong hands.

Lost end-user productivity 
Not only can passwords have a direct administrative cost, they also have a significant effect on employee productivity. An employee taking ten minutes out of their day to phone their IT helpline to reset a lost password may not seem like substantial time lost, until this is multiplied by all of the employees in a company, and then the cost of passwords can add up.

Plus, many employees work in an environment now where they’re working across multiple accounts, and with multiple log-in details, this increases the chance for problems to arise and workflow to be interrupted. 

In the enterprise, every minute wasted has a knock on effect on productivity, which in turn, will directly affect revenue. The exact costs of lost productivity can be hard to estimate, but when businesses consider how much time, work and opportunities are potentially wasted annually, it’s clear that this can’t be overlooked. 

EPM solutions can help enterprises take back control of password management and reduce the amount of invaluable time being lost, and not to mention, stress and inconvenience caused for employees before even starting their days’ work. Long gone are the days when employees are writing passwords on post-its, forgetting them, and locking themselves out of systems. 

What’s Hot on Infosecurity Magazine?