Verifying identity is not only the initial step in online security for accessing financial accounts, but it is also one of the more expensive steps for enterprises to screw up, according to a recent study.
According to a report released Tuesday by online researcher Ponemon Institute, a single authentication failure, such as a forgotten password or stolen credential, can cost a financial firm as much as $42 million and potentially lead to a disruption of business processes, customer retention and business relationships. The research, based on a survey of just over 1,000 IT staff, supervisors and line of business chiefs, points out a number of issues related to authentication.
“Although it’s not surprising, it is revealing to see how high the cost of a system-level authentication failure can be for an organization,” Larry Ponemon, chairman and founder of Ponemon Institute, said in a press release. “Knowing the significant potential cost, the data in this report should enlighten and motivate organizations to re-examine their security processes, access control methods and drive strategic alignment to mitigate system authentication weaknesses and related business risks.”
The report, conducted by the Ponemon Institute and sponsored by Nok Nok Labs, pointed out several concerns in account authentication. A "systemic authentication failure" happens when organizations cannot verify user identity across a user base due to weaknesses in the organization’s authentication processes.
“This data is clearly eye-opening to the sizable risks and costs incurred when organizations do not properly address authentication failures that arise from system-level processes and workflows,” Phil Dunkelberger, CEO of Nok Nok Labs, said in a press release.
While authentication issues can cost an enterprise as much as $42 million, the study points out that authentication weaknesses that “specifically result in a material business disruption” can cost an organization from $34 million to $40 million.
The gap between how IT security professionals and line of business managers understand risk is at the heart of many issues, according to Ponemon’s research.
These gaps are most apparent when looking at “the overall control of authentication processes,” with only 32% of IT security respondents and 44% of IT security leaders saying their organizations have a high level of control over their authentication processes, while 67% of line of business managers said they have faith in their organizations’ controls. Even more troubling, 66% of line of business managers said their organizations are very prepared or highly prepared to reduce the risk of authentication failures compared with just 2 out of 5 IT security staff respondents.
“The gap that exists between the line of business and IT sides of the organization is alarming,” Dunkelberger said. “It is clear that internal end-user authentication failures have many risks and incurred costs where the security environment is fairly controlled, meaning where an enterprise controls employee authentication hardware and platforms.”