Ponemon Institute highlights rise in authentication failure rates and related costs
A new report by the Ponemon Institute, sponsored by California-based biometric multi-factor authentication provider Nok Nok Labs, has highlighted the financial impact of digital identity authentication failures on several organizations.
The document initially defines authentication failures as “weakness in an organization’s authentication processes resulting in an inability to verify user identity” and estimates such events are currently costing organizations an annual average of approximately $3 million.
Respondents said the maximum loss caused by a single authentication failure could range from $39 million to $42 million.
The main events connected to such losses range from the downtime required to resolve authentication failures and the disruption of business processes to the loss of customers and the negative impact on third-party and business relationships.
In compiling the report, the Ponemon Institute said it surveyed 360 IT security staff, 339 IT security leaders, and 308 non-IT security leaders or lines of business leaders (LoBs), all of whom are “familiar with authentication processes in their organizations and have some level of responsibility for the security of their organization’s authentication processes.”
The Ponemon Institute report also highlighted a perception gap around digital ID authentication failures within organizations.
In fact, only 32 percent of IT security staff respondents and 44 percent of IT security leaders said their organizations had a high level of control over their authentication processes.
Sixty-six percent of IT security staff respondents also said it is difficult or very difficult to differentiate the “real” employees, customers, and/or users from criminal imposters who are using stolen credentials.
When asked about strategies to reduce authentication failures, only 33 percent of the IT security staff said their organizations had one, compared with 41 percent of IT security leaders and 49 percent of LoB leaders.
To prevent authentication failures, 22 percent of all respondents confirmed they have adopted passwordless authentication.
The remaining 78 percent have not done so for a variety of reasons, including legacy systems and applications that do not support the technology, and the belief that their existing password authentication process works well enough.
The adoption of passwordless authentication is on the rise, however, with a separate 2021 report from the Ponemon Institute in collaboration with Secret Double Octopus suggesting a 66 percent increase over the next year and a half.