A new global report released today shows how the tension between difficult economic conditions and the pace of technology innovation, including the evolution of artificial intelligence (AI), is influencing the growth of identity-led cybersecurity exposure. The CyberArk 2023 Identity Security Threat Landscape Report details how these issues — allied to an expected 240% growth in human and machine identities — have the potential to result in a compounding of "cyber debt": where investment in digital and cloud initiatives outpaces cybersecurity spend, creating a rapidly expanding and unsecured identity-centric attack surface.
The report is a result of a worldwide survey of 2,300 cybersecurity decision makers, conducted by market researchers Vanson Bourne across private and public sector organizations of 500 employees and above. Respondents were based in Brazil, Canada, Mexico, the U.S., France, Germany, Italy, the Netherlands, Spain, the UK, Australia, India, Israel, Japan, Singapore and Taiwan.
- 99% expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working. 58% say this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.
- Fueling a new wave of insider threat concerns from — for example — disgruntled ex-staffers or exploitable leftover credentials, 68% of organizations expect employee churn-driven cyber issues in 2023.
- Organizations will deploy 68% more SaaS tools in the next 12 months versus what they have now. Large proportions of human and machine identities have access to sensitive data via SaaS tools and, if not secured properly, can be a gateway for attack.
- 93% of security professionals surveyed expect AI-enabled threats to affect their organization in 2023, with AI-powered malware cited as the No. 1 concern.
- 89% (up from 73% in the 2022 report) of the organizations surveyed experienced ransomware attacks in the past year, and 60% of affected organizations reported paying up twice or more to allow recovery, signaling that they were likely victims of double extortion campaigns.
- 67% of energy, oil and gas companies expect they would not be able to stop — or even detect — an attack stemming from their software supply chain (versus 59% for all organizations). 69% also admit they hadn’t attempted to mitigate this through implementing better security in the last 12 months.