Cyber SafetyIdentity & AccessPress ReleaseThreat Detection & Defense

72% of APAC Organisations Admit to Being a Victim of Identity-Based Attacks

Photo of CSA Editorial CSA Editorial Send an email April 6, 2023
3 minutes read

CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced findings of a global survey that explores trends in Identity Security adoption and the relative maturity of organizations embarking on related strategies. Results show that only 9% of global organizations are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments. The report features an Identity Security maturity model to help cybersecurity leaders assess their current strategies, uncover risks and take steps to strengthen cyber resilience.

Experts Recognize Identity Security as Critical Path for Cyber Resilience 
“The Holistic Identity Security Maturity Model: Raising the Bar for Cyber Resilience”1 report features results from a survey of 1,500 cybersecurity professionals conducted by CyberArk and Enterprise Strategy Group (ESG). Based on the global survey, the data-driven model identifies 9% of organizations as those with the most mature and holistic Identity Security strategies. These Transformative organizations have a well-rounded focus on implementing Identity Security tools, are inherently agile and display a “fail fast, learn faster” characteristic even in times of a successful cybersecurity attack.

42% of global respondents’ Identity Security programs, however, are in the earliest stage of maturity and lack foundational tools and integrations to quickly mitigate identity-related risk. An expanding identity attack surface, IT complexity and several organizational roadblocks contribute to this widespread Identity Security deficit. Notable local findings include:

  • Strategy and Outcome Gap: 69% of global C-level executives believe they are making correct Identity Security-related decisions compared to 52% of all other personnel (technical decision makers and practitioners).
    • In APAC, only 60% of C-level executive believing that they are making correct Identity Security-related decisions. The gap highlights the perception that overall security can be achieved by making the right technology investments. But that is only part of the story. Strategically maximizing those investments to include implementation and integration with existing environments, breaking down silos and improved training are equally important.
  • Disparate Endpoint Data: 94% of APAC respondents believe that endpoint security or device trust and identity management are essential to a robust Zero Trust strategy, and 65% of APAC respondents believe the ability to correlate data is critical for effectively securing endpoints.
  • Impact of cybersecurity attacks in APAC: As a result of a successful cybersecurity attack tied to an identity-related or permission-/entitlement/credential-related incident in the last 12 months, APAC organizations suffered from the following business impact:
  • Loss of customers/revenue: 44% 
  • Paid compliance fines: 47%
  • Had difficulty responding to an audit/failed an audit: 49%
  • Impact on the ability to provide services: 51%
  • Reasons that Hold Back Organizations: Top reasons listed by APAC organizations that hold them back from optimizing its strategy on identity-related security issues are the lack of cybersecurity staff (41%) as well as the competency to secure identities (38%).
  • Fragmented Efforts: 58% of global organizations have two teams responsible for securing identities in the cloud and on-premises and rely on numerous point solutions, making it difficult to understand their real-time security posture.


“This research uncovers the relationship between a strong Identity Security strategy and enhanced business outcomes,” said Jack Poller, senior analyst, Enterprise Strategy Group (ESG). “More frequent and timely maturity assessments can help ensure the right users have access to the right data, and that organizations can act quickly enough to stop threats before they stop business.”

A Peer-Based Framework for Security Experts to Mature Holistic Identity Security Strategies
Drawing from these data-based peer insights, the Holistic Identity Security Maturity Model framework is designed to help organizations evaluate their maturity across four tenets of Identity Security:

  • Procurement of tools spanning management, privilege controls, governance, authentication and authorization for all identities and identity types.
  • Integrations with other IT and security solutions within the organization’s stack to secure access to all corporate assets and environments. 
  • Automation to help ensure continuous compliance with policies, industry standards and regulations, along with rapid response to high-volume routine and anomalous events.
  • Continuous threat detection and response capabilities based on a solid understanding of identity behaviors and organizational policies.


“While 72% of APAC organizations admit to being a victim of identity-based attacks, this percentage is likely much higher as adversaries continue to successfully target and compromise identities at scale,” said Amita Potnis, Director, Brand and Thought Leadership, CyberArk. “The main focus for organizations looking to adopt a mature holistic Identity Security strategy is to secure access for all identities – human and machine – by breaking down silos and adopting a consolidated and automated approach for Identity Security. Our research indicates that many have already begun investing in this journey, with 24% of organizations committing more than 10% of their overall cybersecurity budget their Identity Security programs this year.”

Transformative organizations, which account for 9% of the total respondent base, have reached the pinnacle of maturity having embraced a unified approach to Identity Security. The CyberArk Identity Security Platform embodies this approach, applying intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity lifecycle. With CyberArk, organizations can enable Zero Trust and least privilege with complete visibility, ensuring that every identity can securely access any resource, located anywhere, from everywhere.

To access the full survey and framework, download the report:  https://www.cyberark.com/resources/analyst-reports/the-holistic-identity-security-maturity-model

Photo of CSA Editorial CSA Editorial Send an email April 6, 2023
3 minutes read
Photo of CSA Editorial

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Financial Phishing

Financial Phishing Continues to Be Menace to SEA Companies—Kaspersky

November 28, 2024
Keeper Security

Williams Racing Chooses Keeper Security to Safeguard Data in Formula 1’s High-Stakes, Data-Driven World

November 28, 2024
resilient cybersecurity frameworks

Beyond Legislation: How Businesses Can Build Resilient Cybersecurity Frameworks

November 28, 2024
Tanium Automate

Sleepless Nights & Security Gaps: Why Automation Is Your Cybersecurity Ally

November 27, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net