Only 49% of leadership teams are actively investing in identity protection solutions before a security incident occurs. Only 29% have taken action to support and invest in identity and security protection after having already experienced a security incident.
The numbers are based on the latest Identity Defined Security Alliance (IDSA) report published Tuesday.
of 2023 trends for securing digital identities The report is based on an online survey of over 500 identity and security professionals and found that 90% of respondents reported at least one security incident in the last 12 months. That’s a 6% increase over last year’s report.
The IDSA report identified the top two barriers for security teams as identity frameworks complicated by multiple vendors and different architectures (40%) and complex technology environments (39%).
The majority of respondents (89%) said they were somewhat or very concerned about the impact of new privacy regulations on their identity security. At the same time, 98% of them said artificial intelligence and machine learning (AI/ML) would be beneficial in addressing identity-related challenges.
For more information on privacy regulations, see Six Fundamentals of Data Privacy Regulation.
According to IDSA executive director Jeff Reich, cloud adoption, remote work, use of mobile devices, and third-party relationships have significantly increased the number of identities used online, and the need to keep pace. identity-related incidents are also increasing.
“Protecting digital identities has never been more important in the fight against increasingly sophisticated cyberattacks,” Reich explained. “And while identity management and protection continues to be proclaimed by organizations as a top priority, mitigating risk requires positive investments and meaningful changes in leadership.”
Case in point, nearly all identity stakeholders (96%) said security outcomes could have reduced the business impact of an incident. Meanwhile, 42% said that implementing multi-factor authentication (MFA) for all users could have prevented or minimized the impact of the incident.
