SAN JOSE, CA, MARCH 29, 2022 – A new report conducted by the Ponemon Institute, the preeminent research center dedicated to privacy, data protection, and information security policy, and sponsored by Nok Nok Labs (Nok Nok™), the most scalable platform for modern identity and passwordless customer authentication, highlights the significant costs to businesses that result from authentication failures and weaknesses. Through its own primary research, Nok Nok has been aware that limited business data exists about the state of today’s system-level authentication processes and its relation to the business impact of authentication failures. As the first initiative of its kind to address this gap, the Ponemon Institute, working with Nok Nok, launched an industry survey of businesses with current digital transformation projects underway.
A systemic authentication failure occurs when organizations are unable to verify user identity across a user base due to weaknesses in the organization’s authentication processes. According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders (LoBs), the average business losses across all types of authentication weaknesses range from $39 million to $42 million. The study also found that for authentication weaknesses that specifically result in a material business disruption, the average maximum business loss expands the range from $34 million to $40 million. Additionally, the study identified a significant gap that exists between IT security and LoBs in their internal alignment to address system-level authentication failures that prevent access from internal and external users to an organization’s goods and services.
Some of the consequences and economic losses created by system-level authentication weaknesses include excessive account recoveries, password resets, and susceptibility to automated attacks such as credential stuffing, where the attacker has a list of valid username and password credentials. Reasons that system-level authentication weakness can be costly include the associated downtime costs incurred to resolve authentication failures across a broad user base, the disruption of business processes, and the negative impact on third-party business relationships. And a key finding from the study is that there is universal agreement among internal stakeholders: when system-level authentications fail, the organization loses customers.
“Although it’s not surprising, it is revealing to see how high the cost of a system-level authentication failure can be for an organization,” said Larry Ponemon, Chairman and Founder of Ponemon Institute. “Knowing the significant potential cost, the data in this report should enlighten and motivate organizations to re-examine their security processes, access control methods and drive strategic alignment to mitigate system authentication weaknesses and related business risks.”
Relationship Between Internal User and External Customer Authentication
In the use case of employee identity and authentication, the internal gaps and misalignment in understanding system-level authentication can be a barrier to addressing the risks of authentication weaknesses. Some of these gaps highlighted in the survey include:
“This data is clearly eye-opening to the sizable risks and costs incurred when organizations do not properly address authentication failures that arise from system-level processes and workflows,” said Phil Dunkelberger, CEO of Nok Nok. “The gap that exists between the line of business and IT sides of the organization is alarming. It is clear that internal end-user authentication failures have many risks and incurred costs where the security environment is fairly controlled, meaning where an enterprise controls employee authentication hardware and platforms. Similarly, the same risks and even increased costs must exist where the organization enterprise has little or no control over the devices, platforms or connectivity used by its millions of customers in customer-facing authentication applications.”
Mr. Dunkelberger continues with “there needs to be more leadership coming from the top in bringing these two sides together to fix enterprise-wide, system-level authentication failures. Otherwise, the trend will continue and costs will continue to rise. With Nok Nok’s current focus on solving customer authentication issues, we have always believed authentication is the front door to customer trust. The results of this survey, as also applied to the consumer authentication use case, implies that system-level authentication weaknesses are going to drive even larger costs to companies, including the loss of their customers. Bottom line, the data related to internal misalignment within an organization shows that companies need to start thinking differently about user identity and authentication. This is one of the reasons why we started Nok Nok: to deliver solutions that provide a holistic approach for an organization’s IT and LoB requirements for end-user authentication that accelerate and enable digital transformation”.
Select the button to view and download the Ponemon Risks and Cost of Authentication Report.
Learn more about Nok Nok’s passwordless authentication solutions.
About The Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.
About Nok Nok Labs
Nok Nok is a pioneer in the FIDO standards and the trusted leader in next-generation identity and passwordless authentication solutions. The Nok Nok™ S3 Suite empowers companies to transform their customer experiences, transactions, business processes, and workflows by leveraging modern identity and passwordless authentication. The Nok Nok™ S3 Suite offers the most scalable and feature-rich passwordless solution that integrates into existing system-level workflows and legacy security infrastructure. Companies that implement the Nok Nok next-gen passwordless platform experience authentication success rates above 99%, onboarding conversion improvements of more than 10%, a 90% reduction in account recovery requests, and significantly reduced OpEx. Headquartered in Silicon Valley, California, the company has delivered unique inventions and innovations that are protected by a robust global patent portfolio. As a founder of the FIDO Alliance and an inventor of FIDO specifications, Nok Nok is the expert in deploying standards-based authentication, and its industry-leading customers and partners include Verizon, T-Mobile, Intuit, Cigna, Softbank, MUFG, NTT Docomo, Fujitsu Limited, Hitachi, Ericsson, MTRIX GmbH, NTT DATA, and OneSpan. For more information, visit www.noknok.com.
“As an early adopter of FIDO, we’ve seen significant business benefits and are completely on board with continuing to leverage the latest FIDO innovations with our partner, Nok Nok.”
– Rakan Khalid, Group Product Manager, Identity.
Intuit has delivered passwordless authentication across mobile applications and devices using Nok Nok’s S3 Suite. The results have reduced customer friction in their Intuit application experience.
Watch the FIDO Alliance Webinar: The Right Mix
Watch Marcio Mello discuss Intuit’s Nok Nok implementation at Identiverse 2019:
“Aflac is the first Japanese insurance provider to deploy a FIDO-certified solution, and we would like to continue collaborating with Nok Nok Labs to introduce it to banks, insurance industry and other industries.”
– Michihiko Ejiri, VP, Head of Portal Service Division, Service Technology Unit, Fujitsu Limited.
With the Nok Nok S3 Suite, Fujitsu has provided Aflac customers with strong authentication to their mobile claims payment application using any biometrics on their iOS and Android devices. The solution also provides Aflac and their customers with a scalable method to authenticate users that is interoperable with their existing security environments and reduces or eliminates the reliance on usernames and passwords.
“Our Forgot Password flows were running at about 65%. After we rolled out FIDO by Nok Nok, our forgot passwords dropped to 7%.”
Michael Engan, T-Mobile
Using the Nok Nok S3 Suite, T-Mobile has become a leader in carrier adoption of passwordless authentication. Their solutions have reduced forgotten passwords and dramatically improved customer satisfaction.
Watch Michael Engan from T-Mobile talk about their implementation of Nok Nok’s S3 Authentication Suite at Identiverse 2019.
“We can no longer rely on passwords for our financial or other sensitive transactions as they are weak, forgotten and easily hacked. We are very pleased with SoftBank’s decision to choose our standards-based authentication platform for their millions of customers.”
– Phillip Dunkelberger, President & CEO of Nok Nok Labs.
Millions of SoftBank’s mobile subscribers now have the ability to use biometrics for authentication through the mobile application “My SoftBank Plus”. With this implementation, SoftBank’s mobile users access data with the My SoftBank service using biometrics for a frictionless, simple and fast authentication experience.
“DOCOMO is a worldwide innovator in providing its millions of customers with simple and strong authentication backed by a standards-based approach.”
– Phillip Dunkelberger, President & CEO of Nok Nok Labs.
As one of Nok Nok’s earliest customers, NTT DOCOMO became the first carrier to offer a billing system that is enabled by FIDO, the first to offer a federated Identity system integrated FIDO, and was the first to offer a mobile device that authenticates via the iris biometric modality.
“Transactions using mobile devices are rapidly spreading and it is essential to support both usability and security. By combining Hitachi’s abundant system development capabilities and know-how in the financial system and security related fields, and Nok Nok’s globally deployed and proven FIDO certified products, we achieved this compatibility, which led to this adoption.”
– Mr. Nobuo Nagaarashi, General Manager, Financial Information Systems 1st Division, Hitachi, Ltd.
The M in MUFG stands for Mitsubishi, which is a combination of the words mitsu and hishi. Mitsu means three. Hishi means water chestnut, and the word denotes a rhombus or diamond shape. In partnership with Hitachi, MUFG has enabled passwordless authentication solutions across many of the bank’s apps and services.
“Nok Nok’s state-of-the-art, standards-based platform will deliver a tremendous user experience,”
– Steve Bell, Chief Technology Officer at Gallagher
When a horse called Joe took too much of a liking to using a car as a scratching post, owner Bill Gallagher Sr. devised a cunning electrical circuit that delivered a shock whenever the horse rocked the vehicle, and in doing so created a company. Today, with passwordless authentication from Nok Nok, Gallagher is leading the IoT industry with innovative solutions that work in your office and in the outback.
“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience. Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security standards, along with a transparent and agile user experience.”
– Juan Francisco Losa, Global Technology & Information Security Officer.
Nok Nok partnered with banking leader, BBVA to improve the security and user experience of the bank’s mobile banking services through state-of-the-art biometric capabilities.
“For our customers, we only use the most secure products on the market that meet their requirements. Nok Nok perfectly aligns within our product portfolio and we are proud of the very trusted partnership.”
– Lukas Praml, CEO of YOUNIQX.
YOUNIQX Identity AG, the award-winning subsidiary of the Austrian State Printing House (OeSD) and Nok Nok partnered to deliver a electronic identity system (eID) for the citizens of the country of Liechtenstein. This deployment represents the first time that Nok Nok’s FIDO platform has been used to deliver an eID.
FUN FACT
As of 2009 Liechtenstein’s per capita income was $139,100, the highest of any country in the world.
