Research reveals organisations are overconfident in their ability to combat cyberthreats

A report by Centrify and Techvangelism surveyed 1,300 organisations across 11 industries in the US and Canada.

The report identified that 79% of organisations do not have a mature approach to Privileged Access Management (PAM).

It was revealed that 93% of organisations believe that they are somewhat prepared against threats that involved privileged credentials, however only 52% of the organisations surveyed stated they did not use a password vault, one of the simplest security measures a company could take.

A total of 42% of organisation described their approach to PAM as “nonexistent”, thus the report identified that the majority of respondents (79%) do not have a mature approach to PAM. The most protected organisations (21%) are described as having a “mature” approach by hardening their environment that goes on beyond vault and identity-centric techniques.

The report provided insights into the solutions being utilised by organisations to control privileged access with 52% of organisations using shared accounts, and 58% of organisations not using multi-factor authentication for privileged administrative access to servers.

Industry-specific trends were also investigated within the report and it was discovered that 39% of technology organisations have a nonexistent approach to PAM, with both the healthcare (45%) and government  (42%)  industries also scoring high for nonexistent PAM maturity. The financial sector scored the highest in the “mature” category followed by energy and utilities.

Tim Steinkopf, CEO of Centrify said:

“This survey indicates that there is still a long way to go for most organizations to protect their critical infrastructure and data with mature privileged access management approaches based on zero trust.

“We know that 74% of data breaches involve privileged access abuse, so the overconfidence these organizations exhibit in their ability to stop them from happening is concerning.”


The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.