Leaders in secure infrastructure access reduce the annual cost of security incidents by 90%

71% of “novices” perceive the threat of security incidents to be growing over time, compared with 28% of “leaders”.

  • 2 months ago Posted in

Teleport has released its 2024 Secure Infrastructure Access report, which shows a strong correlation between investment in secure infrastructure access and meaningful business impact. The report shows that “leaders” in secure infrastructure access experience 6x fewer security incidents and 90% lower cost incurred due to security incidents, compared to novices, at a time when identity-centered cyberattacks are becoming increasingly sophisticated and growing in frequency. Of survey respondents, 89% of organizations suffered at least one security incident in the past three years. Over half (52%) experienced at least four, and nearly one quarter (24%) were victims of an extraordinary 11 incidents.

Against this backdrop, the study canvassed the views of 250 senior US and UK decision-makers, assessing enterprise performance in infrastructure access security. Ten questions within the survey assessed overall effectiveness on a variety of factors. These include, for example, the number of security incidents experienced in the last three years, how quickly a company can react to security incidents, and how quickly they can determine who has access to infrastructure. The top third of scorers were labelled as leaders, and the bottom third were labelled as novices. The report indicates significant disparities between enterprises excelling and those early on their security journey.

The changing threat landscape is bleaker for novices

- Number of incidents: The chasm between the two groups is most profound when it comes to security incidents, such as data breaches, ransomware, unauthorized access, etc. Organizations with well-established infrastructure access security experienced 6x fewer incidents, with leaders suffering an average of two incidents over the last three years compared to the 12 suffered by novices. 67% of novices also feel there have been more incidents over time compared to just 16% of leaders.

- Costs: For 85% of organizations, the financial implications of security incidents are becoming increasingly important. Again, the gulf in outcomes between leaders and novices is significant. Novices are 50% more likely to experience costs related to an incident. The estimated annuallized cost of security incidents, calculated by factoring the likelihood each cost was incurred, multiplied by the cost per incident, is $6 million for novices. This is compared to just $637,310 for leaders - 90% less.

- Outlook: The perception of the threat landscape also significantly changes depending on whether an organization is a leader or a novice. 71% of novices perceive the threat of security incidents to be growing over time, compared with 28% of leaders. In fact, 39% of leaders believe it is getting significantly smaller. Leaders were, on average, 20% more likely to report doing well in a wide variety of infrastructure access security outcomes, including ensuring system availability (94%), preventing unauthorised access (93%), and protecting sensitive data (93%) among the best performing. In contrast, novices reported struggling the most with passing compliance audits (35%), maintaining system integrity (28%), and ensuring system availability (27%). Given the significant gap between the two groups, it is unsurprising that 68% of leaders rank their organization's efforts to prevent security incidents as ‘extremely effective', compared to just 11% of novices.

“The findings highlight that upfront investment in secure infrastructure access pays off in the long term and that while incidents do occur, exemplary organizations can protect their brand reputation and reduce the cost of incidents, supporting the business outcomes that infrastructure is designed to enable,” said Ev Kontsevoy, CEO and co-founder of Teleport.

“With identity-focused attacks on the rise, and with artificial intelligence lowering the cost and increasing the effectiveness of impersonation efforts, it is critical that organizations invest proactively in security measures that can block threat actors, reduce the blast radius of breaches when they do occur, and improve speed and agility of remediation,” said Frank Dickson, Group Vice President of IDC’s Security and Trust research practice.

Leaders deploy more essential safeguards for securing access to infrastructure

The study identified 13 essential safeguards that leaders are more likely to deploy compared to novices, resulting in notably different security outcomes. The most impactful include:

● phishing-resistant passwordless authentication (67% more likely)

● crypto-authenticated identities for systems/resources (62% more likely)

● crypto-authenticated identities for users (55% more likely)

The findings show that implementing the safeguards can drive superior business outcomes over time. Notably, leaders were up to 60% less likely to report difficulties protecting against new attack vectors, such as AI impersonation or compromised privileged credentials, which the study shows are becoming increasingly difficult to defend against.

Organizational design also played a role, with 43% of leaders reporting extremely centralized responsibility for secure infrastructure access vs. 15% of novices.

Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...