6 Stats to Know About Privileged Access Management (PAM)

July 2, 2019

When’s the last time you really thought about privileged access? Maybe you’ve done the legwork with password vaulting, or have built your own in-house system. But overly complex IT infrastructure, regulatory requirements and technology sprawl further complicate the already costly and time-consuming management of privileged access. Data is truth. Before you can close the loop on longer-term PAM governance, you need to know the facts.

83% of organizations do not have a mature approach to access management, resulting in two times more breaches.  That’s according to Forrester’s “Stop the Breach” report. It should come as no surprise that data breaches hurt your bottom line. Yet, many firms overlook that most breaches are internal. Preventing and protecting against internal attacks and privilege abuse plays a key role in proactive cost reduction.

US enterprises will lose on average $7.91M from a breach, almost double the global average of $3.68M. That’s according to IBM. With complex factors like client loss, breach size, containment, detection and escalation management, the costs of a data breach (both direct and indirect) are only rising. Preventative measures and readiness in identifying and containing your risk can be a substantial financial incentive to securing your most business-critical assets. 

56% of breaches take months or longer to discover. That’s a jarring stat from Verizon’s Data Breach Investigations report. It takes a long time for most breaches to be discovered let alone remediated. The longer it takes for a breach to be identified and contained, the higher the losses…both reputational and financial. 

49% of organizations don’t have policies for assigning privileged user access. That’s a stat from the Ponemon Institute. Despite the clear risk that insiders pose, nearly half of all firms lack the rules and processes for properly governing access. That may be due to a lack of visibility and control, inadequate technology implementation or reliance on manually intensive, error-prone processes to manage privileged credentials that increase costs and risk while reducing efficiency.

80% of security breaches involve compromised privileged credentials. That’s another great data point from Forrester. Users with Domain Administrative privileges have unfettered access to your company’s critical data and IT assets. To limit risk and exposure, administrative roles and access across the enterprise need to be defined and managed from application, infrastructure and network perspectives.

90% of organizations feel vulnerable to insider attacks. That’s according to Crowd Research Partners. Most security breaches originate within your four walls — and there are countless internal risk factors at play. According to the report, the top culprits include excessive access privileges (37%), an uptick in the number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). Across these data vulnerabilities, firm are implementing technologies to deter threats via Data Loss Prevention (DLP), encryption, and identity and access management solutions. 

And one bonus stat: mature password vaulting solutions are often insufficient. Organizations assume 80% of their privileged access accounts are being managed and monitored properly — but, once properly assessed, the reality is much closer to 20%. That’s based on our own discovery analyses across PAM users.  

The PAM landscape need not be so complex. At the end of the day, it’s all about the data.

Talk to our Risk Reduction Experts.

Stay in the loop

Join our mailing list and get notified of the latest SPHEREinsights