CLEVELAND--(BUSINESS WIRE)--As information security budgets grow and funds are allocated to protect the defensive perimeter, many companies have overlooked the critical importance of digital certificate management. And a new study shows it could cost them up to $67.2 million over the next two years. The study, a benchmarking report released today by Keyfactor, a leading provider of secure digital identity management solutions, and Ponemon Institute also finds that 71% of IT pros believe that their organization does not know exactly how many keys and certificates it has.
“Digital identity is a critical component of any organization – its currency, really,” said Chris Hickman, Chief Security Officer at Keyfactor. “The Keyfactor-Ponemon study shows that organizations are spending an average of $18.2 million on IT security annually and only 14% of that is allocated to PKI. Yet the average company is managing upwards of 83,000 digital certificates to encrypt data and authenticate servers and secure data on IoT devices. The burden of PKI should be offset by technology that reduces risk and operational costs, improves efficiencies and automates certificate lifecycle management.”
Measuring the Cost of Unsecured Digital Identities
The report, titled “The Impact of Unsecured Digital Identities,” provides data-driven insights into the dangers and consequences of weak digital identity management. Key report findings include:
- When It Comes to Digital Identity Management, Companies are in the Dark: 71% of IT pros believe that their organization does not know how many keys and certificates it has.
- Mismanagement of Digital Certificates Causes Downtime & Outages: 74% of respondents say digital certificates have caused and still cause unanticipated downtime or outages – at an average cost per organization of more than $11M.
- The Consequences are Costly: The total cost of downtime and outages averages $67.2 million per company over a period of two years. This is due to system administration and support time, lost productivity, immediate revenue loss and diminished brand reputation.
- Reputation is at Stake: 73% of IT pros believe that failing to secure keys and certificates undermines the trust their organization relies upon to operate.
“The findings of our research with Keyfactor underscore the importance of digital identity management – it isn’t receiving the attention or resources that it requires,” said Dr. Larry Ponemon, founder of the Ponemon Institute. “Companies need to take steps today to put processes and technologies in place to proactively manage certificates and keys in the enterprise.”
“We know that many organizations struggle with properly and efficiently managing certificates and there’s a clear gap in understanding how critical it is, especially at the executive level,” continued Chris Hickman. “Unfortunately, digital identity management is often siloed and assumed to be a pure IT function. This report should empower PKI and infosec teams to ask for the resources they need to fully manage and secure every digital identity.”
The study was conducted by Ponemon Institute on behalf of Keyfactor, and included responses from 596 IT and IT security practitioners in the United States across critical industries including financial services, healthcare and medical devices, retail and automotive.
About Keyfactor
Keyfactor, formerly Certified Security Solutions (CSS), is a leading provider of secure digital identity management solutions that enable organizations to confirm authenticity and ensure the right things are interacting in the right ways in our connected world.
From an enterprise managing millions of devices and applications that affect people’s lives every day to a manufacturer aiming to ensure its product will function safely throughout its lifecycle, Keyfactor empowers global enterprises with the freedom to master every digital identity. Its clients are the most innovative brands in industries where trust and reliability matter most.
About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
We uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.