Leaders in secure infrastructure access reduce the annual cost of security incidents by 90%, survey shows

• These “leaders” additionally experience 6x fewer security incidents than “novices”
• 71% of “novices” perceive the threat of security incidents to be growing over time, compared with 28% of “leaders”

OAKLAND, CA – October 1, 2024 – Teleport today announced the release of its 2024 Secure Infrastructure Access report, which shows a strong correlation between investment in secure infrastructure access and meaningful business impact. The report shows that “leaders” in secure infrastructure access experience 6x fewer security incidents and 90% lower cost incurred due to security incidents, compared to novices, at a time when identity-centered cyber attacks are becoming increasingly sophisticated and growing in frequency. Of survey respondents, 89% of organizations suffered at least one security incident in the past three years. Over half (52%) experienced at least four, and nearly one quarter (24%) were victims of an extraordinary 11 incidents.

Against this backdrop, the study canvassed the views of 250 senior US and UK decision-makers, assessing enterprise performance in infrastructure access security. Ten questions within the survey assessed overall effectiveness on a variety of factors. These include, for example, the number of security incidents experienced in the last three years, how quickly a company can react to security incidents, and how quickly they can determine who has access to infrastructure. The top third of scorers were labelled as leaders, and the bottom third were labelled as novices. The report indicates significant disparities between enterprises excelling and those early on their security journey.

The changing threat landscape is bleaker for novices

• Number of incidents: The chasm between the two groups is most profound when it comes to security incidents, such as data breaches, ransomware, unauthorized access, etc. Organizations with well-established infrastructure access security experienced 6x fewer incidents, with leaders suffering an average of two incidents over the last three years compared to the 12 suffered by novices. 67% of novices also feel there have been more incidents over time compared to just 16% of leaders.
• Costs: For 85% of organizations, the financial implications of security incidents are becoming increasingly important. Again, the gulf in outcomes between leaders and novices is significant. Novices are 50% more likely to experience costs related to an incident. The estimated annuallized cost of security incidents, calculated by factoring the likelihood each cost was incurred, multiplied by the cost per incident, is $6 million for novices. This is compared to just $637,310 for leaders - 90% less.
• Outlook: The perception of the threat landscape also significantly changes depending on whether an organization is a leader or a novice. 71% of novices perceive the threat of security incidents to be growing over time, compared with 28% of leaders. In fact, 39% of leaders believe it is getting significantly smaller. Leaders were, on average, 20% more likely to report doing well in a wide variety of infrastructure access security outcomes, including ensuring system availability (94%), preventing unauthorised access (93%), and protecting sensitive data (93%) among the best performing. In contrast, novices reported struggling the most with passing compliance audits (35%), maintaining system integrity (28%), and ensuring system availability (27%). Given the significant gap between the two groups, it is unsurprising that 68% of leaders rank their organization's efforts to prevent security incidents as ‘extremely effective', compared to just 11% of novices.

“The findings highlight that upfront investment in secure infrastructure access pays off in the long term and that while incidents do occur, exemplary organizations can protect their brand reputation and reduce the cost of incidents, supporting the business outcomes that infrastructure is designed to enable,” said Ev Kontsevoy, CEO and co-founder of Teleport.

“With identity-focused attacks on the rise, and with artificial intelligence lowering the cost and increasing the effectiveness of impersonation efforts, it is critical that organizations invest proactively in security measures that can block threat actors, reduce the blast radius of breaches when they do occur, and improve speed and agility of remediation,” said Frank Dickson, Group Vice President of IDC’s Security and Trust research practice.

Leaders deploy more essential safeguards for securing access to infrastructure

The study identified 13 essential safeguards that leaders are more likely to deploy compared to novices, resulting in notably different security outcomes.

The most impactful include:

• phishing-resistant passwordless authentication (67% more likely)
• crypto-authenticated identities for systems/resources (62% more likely)
• crypto-authenticated identities for users (55% more likely)

The findings show that implementing the safeguards can drive superior business outcomes over time. Notably, leaders were up to 60% less likely to report difficulties protecting against new attack vectors, such as AI impersonation or compromised privileged credentials, which the study shows are becoming increasingly difficult to defend against.

Organizational design also played a role, with 43% of leaders reporting extremely centralized responsibility for secure infrastructure access vs. 15% of novices.

“The best way for companies to avoid unnecessary detrimental business impact is to adopt a defense-in-depth approach, layering multiple security controls to detect, prevent, and respond to threats. Multi-factor authentication, least-privileged access to infrastructure, cryptographic identity, zero-trust access, secretless authentication, and robust identity and policy governance – these are all things that should be mandatory and enforced,” Ev added.

About the 2024 State of Infrastructure Access Security Report

The 2024 State of Infrastructure Access Security Report surveyed 250 senior decision-makers – Senior Managers, Director/VP or C-suite level – from the United States (125) and the United Kingdom (125) in organizations with 500+ employees, and can be downloaded at: goteleport.com/2024-survey-report

About Teleport

Teleport is the global provider of modern access to infrastructure, improving efficiency of engineering teams, fortifying infrastructure against bad actors or error, and simplifying compliance and audit reporting. The Teleport Access Platform delivers on-demand, least privileged access to infrastructure on a foundation of cryptographic identity and zero trust, with built-in identity security and policy governance. Headquartered in Oakland, California, Teleport is backed by Kleiner Perkins, Bessemer Venture Partners, and Insight Partners and serves more than 600 customers around the world. For more information, visit goteleport.com or follow @goteleport.

Press contact

Marcus Hedenberg
Babel PR
[email protected]
+44 (0) 7494 784 779