Research reveals organisations are overconfident in their ability to combat cyberthreats

A report by Centrify and Techvangelism surveyed 1,300 organisations across 11 industries in the US and Canada.

The report identified that 79% of organisations do not have a mature approach to Privileged Access Management (PAM).

It was revealed that 93% of organisations believe that they are somewhat prepared against threats that involved privileged credentials, however only 52% of the organisations surveyed stated they did not use a password vault, one of the simplest security measures a company could take.

A total of 42% of organisation described their approach to PAM as “nonexistent”, thus the report identified that the majority of respondents (79%) do not have a mature approach to PAM. The most protected organisations (21%) are described as having a “mature” approach by hardening their environment that goes on beyond vault and identity-centric techniques.

The report provided insights into the solutions being utilised by organisations to control privileged access with 52% of organisations using shared accounts, and 58% of organisations not using multi-factor authentication for privileged administrative access to servers.

Industry-specific trends were also investigated within the report and it was discovered that 39% of technology organisations have a nonexistent approach to PAM, with both the healthcare (45%) and government  (42%)  industries also scoring high for nonexistent PAM maturity. The financial sector scored the highest in the “mature” category followed by energy and utilities.

Tim Steinkopf, CEO of Centrify said:

“This survey indicates that there is still a long way to go for most organizations to protect their critical infrastructure and data with mature privileged access management approaches based on zero trust.

“We know that 74% of data breaches involve privileged access abuse, so the overconfidence these organizations exhibit in their ability to stop them from happening is concerning.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.