The pandemic years saw organisational digital initiatives drive hundreds of thousands of new human and non-human identities per firm. However, cybersecurity investments to secure these initiatives have not kept pace, according to new research from CyberArk. The resulting ‘cyber debt’ from this lag is set to compound in 2023.
The CyberArk 2023 Identity Security Threat Landscape Report said every UK organisation it surveyed (100 percent) anticipates they will experience an identity-related security compromise in 2023. Most (61 percent) said this will happen as a result of a digital transformation initiative such as cloud adoption or legacy app migration.
Alongside this, 61 percent expect employee churn to drive cyber issues in 2023. It’s a particularly concerning find given investment in digital and cloud initiatives is still ongoing as business leaders seek to unlock greater efficiencies. UK firms expect human and machine identities – many with sensitive access – to grow 3.4x in 2023.
Organisations believe macro issues, such as the global economic squeeze, elevated levels of staff turnover and an uncertain political environment are also likely to lead to identity-centric compromise.
If you liked this content…
Central government leads the way in data analytics and AI for public sector transformation 
Government IT Spending Set to Rise Next Year as AI Priorities Strengthen
Could AI deliver on the broken promise of “many eyes” in cybersecurity?
11 emerging technologies the public sector needs – Forrester
AI a double-edged sword in cybersecurity
AI-powered malware
Against a backdrop of the growing popularity and fast adoption of generative AI, the research also revealed that 87 percent of UK security professionals expect AI-enabled threats to affect their organisation this year. AI-powered malware is cited as the number one concern. UK cybersecurity teams also report embracing AI at scale, with 88 percent adopting it, for example, to address the cyber skills gap, or for breach detection.
“Despite firms having to tighten their belts – cutting costs through reduced staffing and budgets – the drive within organisations to enhance business efficiencies through cloud and digital initiatives remains strong. New environments create new identities to secure and, consequently, compromising identities will remain the most efficient method for attackers to evade cyber defences and gain access to critical data and assets,” said Rich Turner, SVP, EMEA at CyberArk.
“The identity-centric attack surface is one that is a priority to secure. To be best positioned to weather the current storm, firms should follow a risk-based strategy to secure critical assets. The stakes are high and, in this environment, we now increasingly see organisations initiate programmes to consolidate operations on a smaller set of trusted partners and solutions to build resilience.”
