How to Build the Case for a Credential Manager: The Cost of Doing Nothing

As an IT pro, you understand that your organization needs a credential manager. Working on the frontlines to defend employees, IT systems, and data, you’re confronting the risks of poor password practices daily. You know that a credential manager is a simple, low-cost tool that can keep your organization secure while streamlining credential management for all employees.

But you don’t have control over the security budget. Your boss and other decision-makers don’t live and breathe security like you do, which means you have to build the business case for a credential management solution. Convincing them, however, may feel like an uphill battle, especially when your request competes with many other budgetary priorities.

The first step is to clearly demonstrate the high cost of not investing in a standalone credential manager so the decision-makers understand what’s at stake and how a credential manager can help your organization manage security risks.

A standalone, purpose-built credential manager does require an additional expense. On the surface, not investing into this tool seems like cost savings. But the risks of weak and ineffective password security practices are tremendous—and ultimately come with high costs.

Stolen credentials remain the top initial action in data breaches. Basic web applications (such as cloud-based collaboration apps) are the asset type most targeted in an initial compromise, and the majority (77%) of hacking-related web application attacks involve stolen credentials. With organizations’ increased reliance on cloud-based apps and the expanding remote workforce, no organization can afford to ignore this risk.

The cost of data breaches is growing as well, reaching a global average of $4.88 million in 2024, compared to $3.86 million in 2020. Breaches involving compromised credentials are not only among the costliest, but also take the longest to identify and contain (an average of 292 days).

Your employees manage a growing number of passwords. Dashlane data shows that, on average, an organization has between 52 and 122 credentials per user, depending on size (with smaller organizations having the largest number).

Managing all these passwords is complicated. Half of surveyed consumers admit to having to reset their passwords at least once a month because they forget them. And nearly two-thirds of those who forget work passwords can’t access critical information they need to do their job, impacting their productivity.

Password resets impact IT productivity as well. On average, organizations deal with 923 password resets each year, some of which require IT intervention and support. This can add up to tens of thousands of dollars each year.

A data breach can lead to a loss of customers and sales opportunities. People want to do business with brands they trust, and data privacy and security is a big part of that trust.

More than 80% of surveyed consumers say they would likely stop doing business with a company after it experienced a cyberattack. Similarly, 66% of surveyed U.S. consumers would not trust a breached company with their data.

A cybersecurity incident like a data breach or ransomware attack can even put an organization out of business. Here are some examples:

By outlining the cost of doing nothing and providing examples, you help your organization’s decision-makers understand why investing in credential security is critical. However, this is just the first step.