The ROI of Credential Management: Understand the Benefits Before It’s Too Late
Costly security incidents stemming from stolen, weak, or reused credentials continue to be a tremendous risk for organizations of all sizes. Yet prioritizing investments in security is often a struggle due to so many other competing business needs.
While not investing in a credential manager sounds like a cost savings, the cost of doing nothing can actually be quite high. Recently, Dashlane hosted a webinar to discuss the return on investment of a credential management tool. Our experts, SVP of Product and Partnerships Jon Cho and VP of Product Marketing Rachael Stockton, talked about how credential management can enhance security while saving time, reducing costs, and streamlining processes.
If you missed the live event, we’ve gathered the top five takeaways from the conversation. And if you’d like to dive deeper and gain more insights from the experts, check out the replay.
1. Poor employee behaviors are at the root of the problem.
Stolen credentials remain the leading cause of initial actions in breaches. More often than not, these credentials are stolen due to unsecure employee behavior. This is especially a challenge now because personal and work life have merged, leading to an increase in personal credentials being reused at work and vice versa. This merging also increases the risk for compromised passwords and unapproved apps used on work devices.
Unfortunately, human behaviors are hard to change no matter how much effort organizations put into it. Malicious actors know this and take full advantage. For instance, 86% of organizations experienced bulk phishing attacks in 2021, up from 77% the year before. The situation hasn’t changed much since then, despite concerted efforts through employee awareness and education programs.
2. The implications for organizations are far-reaching.
A breach is a very disruptive event for an organization, as resources get moved around to respond and mitigate it. Data shows that on average, time lost to a data breach can be as high as 292 days, including:
- System downtime, which directly translates to lost productivity while the problem is being addressed
- Investigation and response, which involves not only IT teams and incident responders who are identifying the source and analyzing the event, but also legal counsel, the communications team, and public relations personnel
- Customer support, which could take a significant time as organizations address customer concerns, provide support, and manage potential legal issues
The direct monetary losses from a single data breach can leave a big impact on the bottom line. IBM Security’s latest data shows that the average cost of a data breach globally is $4.88 million. The reputational costs are more difficult to measure, but various studies have shown that consumers want to do business with brands they trust—and a breach can quickly erode that trust.
3. IT leaders are facing ever-complex challenges.
For IT leaders, addressing security risks overall grows more complicated every year. IT has to grapple not only with staying ahead of cyber threats and managing user access to sensitive data, but multiple other challenges, including:
- Managing a complex network of servers, apps, and devices across different platforms
- Integrating cloud services with existing infrastructure, managing costs, and ensuring security in the cloud
- Balancing user needs with security requirements, providing timely technical assistance, and managing user access levels
- Minimizing system outages and quickly resolving issues when they occur
- Adhering to industry regulations and data privacy standards
- Keeping up with new technologies and adapting to evolving industry trends
These challenges are constantly evolving with the growth in remote work and phishing vulnerabilities—and now, the use of AI.
4. Proactive credential security helps improve outcomes.
As credential-based threats remain the top risk, many security and IT teams are responding reactively—addressing the threats as they happen rather than building resilience to prevent their occurrence. Shifting to proactive credential security can greatly improve outcomes by providing actionable data to manage risk effectively.
Being proactive means having:
- Visibility into credential threats across the entire organization
- Complete protection against potential compromise
- Fast and streamlined processes to continuously build up security posture and have contingency plans when there is a risk to the business
- A tool that enables the organization and employees to be a part of the solution
Dashlane recently introduced two new features that allow IT and security leaders to shift to proactive credential security:
- Credential Risk Detection: Comprehensive credential risk visibility through real-time detection, automatically identifying vulnerable employee accounts across the organization, including outside the vault
- Nudges: Notifications that proactively protect confidential data by identifying at-risk credentials in-context and sending automated messages to alert employees to secure their accounts
5. Talk about the bottom line to get buy-in from executives.
IT leaders typically don’t have control over the budget, which means they need to convince their higher-ups about the importance of credential security. Executives care about the bottom line, and showing them the cost of doing nothing can be an effective way to start the conversation.
For instance, a recent Dashlane survey (to be published in February) found that 73% of IT teams are dealing with password resets, which can be a big drain on their productivity. And for financial institutions, non-compliance with the Federal Trade Commission’s safeguards rule could cost $100,000 per occurrence.
It’s also important to compare the price of credential security next to the cost of a security incident. As mentioned earlier, a data breach costs an average of $4.88 million—whereas securing credentials with Dashlane, for example, can cost just $5 per employee per month.
Ultimately, proactive credential management is an investment that could save money in the long run, not only on mitigating breaches but also on improved productivity both for IT and employees.
Sign up to receive news and updates about Dashlane
