STOCK TITAN

Report: 93% Of Organizations Had Two or More Identity-Related Breaches in the Past Year

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

CyberArk released its 2024 Identity Security Threat Landscape Report, revealing that 93% of organizations experienced two or more identity-related breaches in the past year. The report emphasizes the rapid growth of machine identities, driven by multi-cloud strategies and AI programs, and highlights that machine identities are seen as the riskiest by security professionals. Despite the rise in identity-related breaches, only 38% of organizations classify both human and machine identities with sensitive access as privileged users. Additionally, 99% of organizations are using AI in cybersecurity, but 93% expect AI tools to also pose cyber risks. The report calls for a shift towards a cybersecurity model that prioritizes identity security to combat increasing attacks.

Positive
  • 99% of organizations have adopted AI-powered tools for cybersecurity defense.
  • 70%+ of security professionals are confident employees can identify deepfakes.
  • 84% of organizations will use three or more Cloud Service Providers in the next 12 months.
Negative
  • 93% of organizations had two or more identity-related breaches in the past year.
  • Machine identities are considered the riskiest identity type.
  • Only 38% of organizations classify both human and machine identities with sensitive access as privileged users.
  • 93% of respondents expect AI-powered tools to create cyber risks in the coming year.
  • Nine out of 10 organizations have been breached due to phishing or vishing.

Insights

The report from CyberArk highlights a critical issue in the domain of identity security, particularly emphasizing the risks associated with machine identities. Machines, unlike humans, often don't have stringent identity security controls, making them a potent threat vector. With the rapid adoption of multi-cloud strategies and AI advancements, the number of machine identities is exploding, with many requiring sensitive access. This poses a severe risk, as evidenced by 93% of organizations experiencing two or more identity-related breaches in the past year.

Notably, the disparity in how privileged access is defined—where only 38% of organizations include both human and machine identities—further exposes vulnerabilities. This gap in identity access management reflects a broader issue where legacy systems fail to adapt to modern cybersecurity needs. The reliance on AI to counteract these threats is a double-edged sword, enhancing defense mechanisms while simultaneously enabling sophisticated attacks.

For investors, this report underscores the urgency for firms to adopt more integrated and comprehensive identity security solutions. The sheer scale of identity-related breaches and the projected growth of identities (50% of organizations expect identities to grow 3x in the next 12 months) suggest that companies heavily invested in cybersecurity innovation are poised for growth. However, the report also serves as a cautionary tale about the evolving and highly dynamic nature of cyber risks.

From a financial perspective, the findings in CyberArk's report are telling. The high incidence of identity-related breaches—93% of organizations experiencing multiple breaches—demonstrates a substantial and recurring threat that can significantly impact business continuity and financial health. The cost of data breaches includes direct financial losses, regulatory fines and a potential loss of customer trust, all of which can be financially crippling.

The report also implicitly signals a growing market for identity security solutions, as organizations are likely to increase their cybersecurity budgets to address these emerging threats. Companies like CyberArk, specializing in identity security, are well-positioned to capitalize on this trend, potentially leading to revenue growth and market expansion.

However, the financial impact is not solely positive. The ongoing and evolving nature of cyber threats means continuous investment in cybersecurity is necessary, impacting profit margins. Moreover, the confidence in AI-powered tools by 99% of organizations indicates high competition and a rapidly changing landscape. Investors should weigh the potential growth against the backdrop of evolving cyber risks and the constant need for innovation.

  • Machine identities are the #1 driver of identity growth
  • Only 38% of organizations define all human and machine identities with sensitive access as privileged users
  • 70%+ of security professionals are confident that their employees can identify deepfakes of their organizational leadership

NEWTON, Mass. & PETACH TIKVA, Israel--(BUSINESS WIRE)-- CyberArk (NASDAQ: CYBR), the identity security company, today released a new global research report that shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems. The CyberArk 2024 Identity Security Threat Landscape Report provides unique perspectives on how Artificial Intelligence (AI) boosts cyber defenses as well as attacker capabilities; increases the pace at which identities are created in new and complex environments; and highlights the scale of identity-related breaches affecting organizations.

The CyberArk Identity Security Threat Landscape 2024 Report (Graphic: Business Wire)

The CyberArk Identity Security Threat Landscape 2024 Report (Graphic: Business Wire)

Cyber Risk Rises as Machine Identity Security Treated Differently to Humans

While the quantity of both human and machine identities is growing quickly, the report found that security professionals rate machines as the riskiest identity type. In part due to widespread adoption of multi-cloud strategies and growing utilization of AI-related programs like Large Language Models, machine identities are being created in vast numbers. Many of these identities require sensitive or privileged access. However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited.

  • 93% of organizations had two or more identity-related breaches in the past year.
  • Machine identities are the #1 cause of identity growth and are considered by respondents to be the riskiest identity type.
  • 50% of organizations expect identities to grow 3x in the next 12 months (average: 2.4x).
  • 61% of organizations define a privileged user as human-only. Only 38% of organizations define all human and machine identities with sensitive access as privileged users.
  • In the next 12 months, 84% of organizations will use three or more Cloud Service Providers (CSPs).

Widespread Use of AI to Battle AI and Complacency Takes Hold

Consistent with our 2023 report, the 2024 Threat Landscape Report found that nearly all (99%) of organizations are using AI in cybersecurity defense initiatives. Furthermore, the report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing. In related findings, counter to expectations, the majority of respondents are confident that deepfakes targeting their organization won’t fool their employees.

  • 99% of organizations have adopted AI-powered tools as part of their cyber defenses.
  • 93% of respondents expect AI-powered tools to create cyber risk for their organization in the coming year.
  • 70%+ are confident that their employees can identify deepfakes of their organizational leadership.
  • Nine out of 10 organizations have been a victim of a successful identity-related breach due to a phishing or vishing attack.

“Digital initiatives to drive organizations forward inevitably create a plethora of human and machine identities, many of which have sensitive access and all of which must have identity security controls applied to them in order to guard against identity-centric breaches,” said Matt Cohen, chief executive officer, CyberArk. “The report shows that identity breaches have affected nearly all organizations - multiple times in nearly all cases – and demonstrates that siloed, legacy solutions are ineffective at solving today’s problems. To stay ahead a paradigm shift is required, where resilience is built around a new cybersecurity model that places identity security at its core.”

Read the full report for further insight on what is behind human and machine identity growth, where related cyber risk lies and how AI is being used in cyber defenses. The report also details the consequences firms are facing from identity-centric cyber breaches and recommends methods of ensuring security practices keep up with wider organizational initiatives to reduce cybersecurity debt.

About the Report

The CyberArk 2024 Identity Security Threat Landscape Report was conducted across private and public sector organizations of 500 employees and above. It was conducted by market researchers Vanson Bourne amongst 2,400 cybersecurity decision makers. Respondents were based in Brazil, Canada, Mexico, US, France, Germany, Italy, the Netherlands, Spain, UK, UAE, Australia, India, Hong Kong, Israel, Japan, Singapore and Taiwan.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, X, Facebook or YouTube.

Media:

Carissa Ryan

Press@cyberark.com

Investors:

Erica Smith

IR@cyberark.com

Source: CyberArk

FAQ

What percentage of organizations experienced identity-related breaches last year?

93% of organizations experienced two or more identity-related breaches in the past year.

Why are machine identities considered risky?

Machine identities are often created in large numbers, require sensitive or privileged access, and lack security controls, making them a potent threat vector.

How prevalent is the use of AI in cybersecurity?

99% of organizations have adopted AI-powered tools as part of their cybersecurity defenses.

What is the expected increase in identities in the next year?

50% of organizations expect identities to grow 3x in the next 12 months, with an average increase of 2.4x.

How many organizations define all identities with sensitive access as privileged users?

Only 38% of organizations define all human and machine identities with sensitive access as privileged users.

What are the common causes of identity breaches?

Phishing and vishing attacks are common causes, with nine out of 10 organizations falling victim to such breaches.

What percentage of organizations expect AI tools to pose cyber risks?

93% of respondents expect AI-powered tools to create cyber risks for their organization in the coming year.

How many organizations will use multiple Cloud Service Providers?

84% of organizations plan to use three or more Cloud Service Providers in the next 12 months.

CyberArk Software Ltd.

NASDAQ:CYBR

CYBR Rankings

CYBR Latest News

CYBR Stock Data

15.62B
46.84M
0.03%
104.35%
2.93%
Software - Infrastructure
Technology
Link
United States of America
Petah Tikva