by Brian Kelley
Now that we know what identity management is, it’s time to figure out just how much money it saves you. Cybersecurity, like all security, is a form of proactive insurance. The saying goes, “it’s the stingy person that pays the most,” and you’re taking huge risks by not willing to spend the time and capital to insure yourself against the worst case scenario. Data breaches aren’t going away, so if businesses or service providers aren’t taking identity management or authentication into account, they deny the reality of the situation.
That said, saving money by managing user ID’s and data access isn’t clear line to draw: There are multiple moving elements to a breach and user protection, and it varies between industries. For example, healthcare and finance have much more damaging and expensive impacts from a breach compared to media or transportation. Add to that is the fact that data breaches are: a) underreported b) often undiscovered, and c) occasionally a matter of “too little, too late.”
That’s the truth of network security from small businesses to global enterprises. Attacks designed to be as clandestine as possible so they can siphon the most information to be exploited outright or sold later. The sneakier and longer term the intrusion, the more lucrative it is. Businesses and organizations can fight this in two ways: Active prevention and employing a response team.
Prevention is where identity and access management can stem costs with a robust authentication system. Preventative costs are tricky quantify though: Even with the most aggressive and comprehensive security in place, we have to accept that breaches can still happen. However, locking down and managing who has access to data alerts the response team quickly. Recognizing a breach, disclosing it as soon as possible, and protecting authorized users saves millions compared to undetected or unreported intrusions.
Time is money when it comes to data theft. Without a response team in place, every minute a breach continues leads to higher and higher costs of remediation. It’s relatively simple and comparatively inexpensive to alert the affected parties immediately and seal the breach. But if these intrusions go for years without being noticed, such as the case with Yahoo, the damage expenses skyrocket.
Authentication pays for itself (and also lost customers, legal costs, fines, etc.)
The verdict is that the average breach costs four to seven million dollars when you factor in the loss of business revenue, costs of notifying victims, compensating victims, reissuing ID’s or cards, and more. So does that mean identity and access management saves you four to seven million dollars?
How about the annually increasing stats of credential theft? 81% of all breaches are from weak or stolen credentials, so maybe it’s more accurate to say you’ve reduced the possibility of paying out $4,000,000+. Anyone storing data needs to accept that passwords alone aren’t enough, and adding multi-factor authentication isn’t necessarily a perfect solution. The inherent advantage of managing and monitoring user ID’s in a way that they can’t easily be compromised could be the difference between success or bankruptcy.
