SAN JOSE, CA, MARCH 29, 2022 – A new report conducted by the Ponemon Institute, the preeminent research center dedicated to privacy, data protection, and information security policy, and sponsored by Nok Nok Labs (Nok Nok™), the most scalable platform for modern identity and passwordless customer authentication, highlights the significant costs to businesses that result from authentication failures and weaknesses. Through its own primary research, Nok Nok has been aware that limited business data exists about the state of today’s system-level authentication processes and their relation to the business impact of authentication failures. As the first initiative of its kind to address this gap, the Ponemon Institute, working with Nok Nok, launched an industry survey of businesses with current digital transformation projects underway.
A systemic authentication failure occurs when organizations are unable to verify user identity across a user base due to weaknesses in the organization’s authentication processes. According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders (LoBs), the average business losses across all types of authentication weaknesses range from $39 million to $42 million. The study also found that for authentication weaknesses that specifically result in a material business disruption, the average maximum business loss expands the range from $34 million to $40 million. Additionally, the study identified a significant gap that exists between IT security and LoBs in their internal alignment to address system-level authentication failures that prevent access from internal and external users to an organization’s goods and services.
Some of the consequences and economic losses created by system-level authentication weaknesses include excessive account recoveries, password resets, and susceptibility to automated attacks such as credential stuffing, where the attacker has a list of valid username and password credentials. Reasons that system-level authentication weakness can be costly include the associated downtime costs incurred to resolve authentication failures across a broad user base, the disruption of business processes, and the negative impact on third-party business relationships. And a key finding from the study is that there is universal agreement among internal stakeholders: when system-level authentications fail, the organization loses customers.
“Although it’s not surprising, it is revealing to see how high the cost of a system-level authentication failure can be for an organization,” said Larry Ponemon, Chairman and Founder of Ponemon Institute. “Knowing the significant potential cost, the data in this report should enlighten and motivate organizations to re-examine their security processes, access control methods and drive strategic alignment to mitigate system authentication weaknesses and related business risks.”
Relationship Between Internal User and External Customer Authentication
In the use case of employee identity and authentication, the internal gaps and misalignment in understanding system-level authentication can be a barrier to addressing the risks of authentication weaknesses. Some of these gaps highlighted in the survey include:
- The overall control of authentication processes. Only 32% of IT security respondents and 44% of IT security leaders say their organizations have a high level of control over their authentication processes while 67% of LoB respondents are confident in their organizations’ controls. There is a 2x disparity in how organizations perceive internal authentication control.
- Confidence that the risk of authentication failures can be reduced. 66% of LoB respondents say their organizations are very prepared or highly prepared to reduce the risk of authentication failures compared to 40% of IT security staff respondents. The misalignment and 1.6x disparity between internal groups’ confidence in addressing these failures foreshadows future systemic problems.
- Visibility into the increased volume and frequency of authentication failures. 71% of IT security respondents vs. 55% of LoB respondents say authentication failures have significantly increased. A wide disparity exists in how internal groups assess authentication failures.
- Recognition of “real” employees, customers, or users from criminal imposters using stolen credentials. 66% of IT security staff respondents vs. 48% of LoB respondents said it is very difficult or difficult to defend against stolen credentials. Both groups agree that it is very hard for organizations to distinguish between credentials of trusted users vs. credentials provided by cyber-criminals.
“This data is clearly eye-opening to the sizable risks and costs incurred when organizations do not properly address authentication failures that arise from system-level processes and workflows,” said Phil Dunkelberger, CEO of Nok Nok. “The gap that exists between the line of business and IT sides of the organization is alarming. It is clear that internal end-user authentication failures have many risks and incurred costs where the security environment is fairly controlled, meaning where an enterprise controls employee authentication hardware and platforms. Similarly, the same risks and even increased costs must exist where the organization enterprise has little or no control over the devices, platforms or connectivity used by its millions of customers in customer-facing authentication applications.”
Mr. Dunkelberger continues: “There needs to be more leadership coming from the top in bringing these two sides together to fix enterprise-wide, system-level authentication failures. Otherwise, the trend will continue and costs will continue to rise. With Nok Nok’s current focus on solving customer authentication issues, we have always believed authentication is the front door to customer trust. The results of this survey, as also applied to the consumer authentication use case, imply that system-level authentication weaknesses are going to drive even larger costs to companies, including the loss of their customers. Bottom line, the data related to internal misalignment within an organization shows that companies need to start thinking differently about user identity and authentication. This is one of the reasons why we started Nok Nok: to deliver solutions that provide a holistic approach for an organization’s IT and LoB requirements for end-user authentication that accelerate and enable digital transformation.”