Failed Security Audits Due to Unenforced Digital Identity Policies and Rogue Certificate Authorities

Unplanned Downtime and Systems Outages Increase Costs, Affecting 58% of Respondents 

 

CLEVELAND, Ohio, March 17, 2020 – Keyfactor, the leader in securing digital identities, and the Ponemon Institute today released the 2020 UK edition of “The Impact of Unsecured Digital Identities”, a benchmark report exploring enterprises’ ability to manage increasing numbers of cryptographic keys and digital certificates securing network connections.

Regulatory measures such as GDPR put focus on data privacy at design, tightening requirements and guiding IT security controls like Public Key Infrastructure (PKI). Continued adoption of IoT, cloud and mobile technologies is increasing the number of digital certificates and keys that ensure secure connections and identity authentication through PKI.

“This research demonstrates that despite heightened compliance focus, businesses struggle to manage foundational security like PKI and the tools and processes that maintain it. This is concerning, especially as the number of digital certificates and keys within enterprise continues to multiply,” said Chris Hickman, chief security officer at Keyfactor.

Half of respondents indicate regulatory compliance as a strategic priority and two-thirds say their organisation is adding additional layers of encryption to comply with regulations and IT policies. However, undocumented or unenforced key management policies are problematic, with respondents averaging more than four failed audits or compliance experiences in the last 24 months. 

“Less than half of respondents say they have sufficient staff dedicated to PKI,” said Hickman. “A lack of program ownership, combined with the constant care and feeding that digital identities need, has introduced new risk, creating an exposure epidemic. Unless leaders invest in in-house processes and outsourced resources to manage PKI, enterprise will risk failed audits, fines and worse, a security breach.”

Additional key findings reveal:

  • A rise in security incidents: on average, organisations experienced a Certificate Authority (CA) or rogue man-in-the-middle (MITM) and/or phishing attack four times in the last 24 months, facing a 32% likelihood of a MITM or phishing attack over the next 24 months.
  • Staffing shortages: on average, 15% of IT security budget is spent on PKI deployment annually, yet just 43% of respondents say their organisation has enough IT security staff members dedicated to PKI deployment.
  • Lack of visibility: 70% of respondents say their organisation does not know how many digital certificates and keys it has within the business.
  • Cryptography-related security incidents undermine trust: 68% of respondents say failure to secure keys and certificates undermines the trust their organisation relies upon to operate.
  • Cryptography lacks a center of excellence: despite the rising cost of PKI and growth of cryptography-related incidents, just 40% of companies have the ability to drive enterprise-wide best practice.
  • Spending trend: represented organisations are spending an average of £37M on IT security annually, with £1.37M dedicated to PKI.

“Our 2019 report in North America was a wake-up call in many ways – it was the first report of its kind to investigate the role that digital certificates and keys play in creating trust and supporting security,” said Dr. Larry Ponemon, founder of the Ponemon Institute. “This year we expanded the report’s boundaries to examine the state of PKI within the United Kingdom. While UK-based organisations score slightly higher than their North American peers on overall PKI program management, they’re struggling in compliance-related categories, which may expose greater operational and security risk.”

The study was conducted by Ponemon Institute on behalf of Keyfactor and included responses from more than 400 IT and IT security practitioners in the United Kingdom across 14 industries including: financial services, healthcare, manufacturing, retail and automotive.

To view the complete 2020 UK edition of “The Impact of Unsecured Digital Identities” report, visit: https://info.keyfactor.com/en-gb/the-impact-of-unsecured-digital-identities-2020-report-featuring-the-critical-trust-index-united-kingdom-edition.

-30-

 

About Keyfactor
Keyfactor empowers enterprises of all sizes to escape the exposure epidemic – when breaches, outages and failed audits from digital certificates and keys impact brand loyalty and the bottom line. Powered by an award-winning PKI as-a-service platform for certificate lifecycle automation and IoT device security, IT and InfoSec teams can easily manage digital certificates and keys. And product teams can build IoT devices with crypto-agility and at massive scale. Exceptional products and a white-glove customer experience for its 500+ global customers have earned Keyfactor a 98.5% retention rate and a 99% support satisfaction rate. Learn more at www.keyfactor.com.

Contacts

Keyfactor Media Contact
Sarah Hance

216.785.2291

MRB Public Relations Media Contact
Angela Tuzzo
732.758.1100