Leaders in secure infrastructure access reduce the annual cost of security incidents by 90%

71% of “novices” perceive the threat of security incidents to be growing over time, compared with 28% of “leaders”.

  • 1 month ago Posted in

Teleport has released its 2024 Secure Infrastructure Access report, which shows a strong correlation between investment in secure infrastructure access and meaningful business impact. The report shows that “leaders” in secure infrastructure access experience 6x fewer security incidents and 90% lower cost incurred due to security incidents, compared to novices, at a time when identity-centered cyberattacks are becoming increasingly sophisticated and growing in frequency. Of survey respondents, 89% of organizations suffered at least one security incident in the past three years. Over half (52%) experienced at least four, and nearly one quarter (24%) were victims of an extraordinary 11 incidents.

Against this backdrop, the study canvassed the views of 250 senior US and UK decision-makers, assessing enterprise performance in infrastructure access security. Ten questions within the survey assessed overall effectiveness on a variety of factors. These include, for example, the number of security incidents experienced in the last three years, how quickly a company can react to security incidents, and how quickly they can determine who has access to infrastructure. The top third of scorers were labelled as leaders, and the bottom third were labelled as novices. The report indicates significant disparities between enterprises excelling and those early on their security journey.

The changing threat landscape is bleaker for novices

- Number of incidents: The chasm between the two groups is most profound when it comes to security incidents, such as data breaches, ransomware, unauthorized access, etc. Organizations with well-established infrastructure access security experienced 6x fewer incidents, with leaders suffering an average of two incidents over the last three years compared to the 12 suffered by novices. 67% of novices also feel there have been more incidents over time compared to just 16% of leaders.

- Costs: For 85% of organizations, the financial implications of security incidents are becoming increasingly important. Again, the gulf in outcomes between leaders and novices is significant. Novices are 50% more likely to experience costs related to an incident. The estimated annuallized cost of security incidents, calculated by factoring the likelihood each cost was incurred, multiplied by the cost per incident, is $6 million for novices. This is compared to just $637,310 for leaders - 90% less.

- Outlook: The perception of the threat landscape also significantly changes depending on whether an organization is a leader or a novice. 71% of novices perceive the threat of security incidents to be growing over time, compared with 28% of leaders. In fact, 39% of leaders believe it is getting significantly smaller. Leaders were, on average, 20% more likely to report doing well in a wide variety of infrastructure access security outcomes, including ensuring system availability (94%), preventing unauthorised access (93%), and protecting sensitive data (93%) among the best performing. In contrast, novices reported struggling the most with passing compliance audits (35%), maintaining system integrity (28%), and ensuring system availability (27%). Given the significant gap between the two groups, it is unsurprising that 68% of leaders rank their organization's efforts to prevent security incidents as ‘extremely effective', compared to just 11% of novices.

“The findings highlight that upfront investment in secure infrastructure access pays off in the long term and that while incidents do occur, exemplary organizations can protect their brand reputation and reduce the cost of incidents, supporting the business outcomes that infrastructure is designed to enable,” said Ev Kontsevoy, CEO and co-founder of Teleport.

“With identity-focused attacks on the rise, and with artificial intelligence lowering the cost and increasing the effectiveness of impersonation efforts, it is critical that organizations invest proactively in security measures that can block threat actors, reduce the blast radius of breaches when they do occur, and improve speed and agility of remediation,” said Frank Dickson, Group Vice President of IDC’s Security and Trust research practice.

Leaders deploy more essential safeguards for securing access to infrastructure

The study identified 13 essential safeguards that leaders are more likely to deploy compared to novices, resulting in notably different security outcomes. The most impactful include:

● phishing-resistant passwordless authentication (67% more likely)

● crypto-authenticated identities for systems/resources (62% more likely)

● crypto-authenticated identities for users (55% more likely)

The findings show that implementing the safeguards can drive superior business outcomes over time. Notably, leaders were up to 60% less likely to report difficulties protecting against new attack vectors, such as AI impersonation or compromised privileged credentials, which the study shows are becoming increasingly difficult to defend against.

Organizational design also played a role, with 43% of leaders reporting extremely centralized responsibility for secure infrastructure access vs. 15% of novices.

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...