Current economic conditions and technology development have shown a rise in identity-based cybersecurity exposure, according to a report by CyberArk. According to the report, nearly all (99%) expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working.

A majority (58%) say this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration. Fueling a new wave of insider threat concerns from disgruntled ex-staffers or exploitable leftover credentials, over two-thirds (68%) of organizations expect employee churn-driven cyber issues in 2023. Other findings include:

  • Organizations will deploy 68% more SaaS tools in the next 12 months vs. what they have now.
  • 93% of security professionals surveyed expect AI-enabled threats to affect their organization in 2023, with AI-powered malware cited as the #1 concern.
  • Nearly nine in 10 of the organizations surveyed experienced ransomware attacks in the past year, and 60% of affected organizations reported paying-up twice or more to allow recovery, signaling that they were likely victims of double extortion campaigns.
  • 67% of energy, oil and gas companies expect they would not be able to stop or detect an attack stemming from their software supply chain (versus 59% for all organizations). Most respondents from this vertical (69%) also admit they hadn’t attempted to mitigate this through implementing better security in the last 12 months.
  • 63% say highest-sensitivity employee access is not adequately secured and greater numbers of machines have sensitive access than humans (45% vs. 38%).
  • Credential access remains the top risk for respondents (cited by 35%), followed by defense evasion (31%), execution (28%), initial access (28%) and privilege escalation (27%).
  • Business critical applications e.g., revenue-generating customer-facing applications, enterprise resource planning (ERP) and financial management software, were named as the area of greatest risk due to the unknown and unmanaged identities that access them. Forty-six percent have identity security controls in place to secure business-critical apps.
  • Third parties such as partners, consultants and services providers are cited as top riskiest human identity type.
  • 69% say robotic process automation (RPA) and bot deployments are being slowed due to security concerns.