Eliminating password resets could save billions

by Mark Rowe

Cutting costs in the economic downturn has become a priority for many business leaders and one area that can produce quick savings for all is password resets. Adding no value to businesses, they reduce employee productivity and come with an astronomical price tag, says Julia O’Toole, CEO of cyber product firm MyCena Security Solutions.

For example, FTSE 100 companies alone could be squandering £1.5 billion annually on password resets! But how can businesses eradicate these costs and put the savings back in their pockets?

First of all, password resets only happen because it is the employees who create their company’s passwords, which is equivalent to letting employees make the access keys to the office buildings or factories.

In the digital era, employees have been acting as the gatekeepers to the organization. They are the ones generating and holding the keys to the kingdom, not the employers, who have lost control of their keys. And with hundreds of keys to remember, it is no wonder employees constantly forget these passwords, resulting in high password reset costs.

According to research from Statista, in 2022 56% of employees reset their passwords at least once every month. Set alongside data from research house Forrester, which puts the average cost of a password reset to businesses at $70 (£56.39), that figure reveals the true cost of password resets. As an example, FTSE 100 businesses, which collectively employ 4 million people, face monthly password reset costs of over £126 million or £1.5 billion annually.

And that’s just in direct costs. The indirect costs of losing access control are even higher.

When employees know their passwords, they are vulnerable to getting these passwords phished. According to the World Economic Forum, 95% of breaches originate from human error. This is by far the leading cause of corporate breaches, way above exploited vulnerabilities. That means not letting users know their passwords would help businesses not only to eliminate the direct cost of password resets, but also to drastically reduce the risk of breaches, which cost an average of $4.35 million according to the Ponemon Institute. In addition, it allows organizations to avoid GDPR fines of up to 4% of annual revenue for failing to control their access.

Regain access control

For users to not know their passwords, companies can simply encrypt them. If passwords are encrypted, employees can’t know them, so they can’t lose them, forget them, or hand them over in phishing scams. This means they no longer pose a security threat. To that effect, organizations can use access segmentation and encryption management (ASEM) solutions to generate strong random passwords for all systems and distribute them encrypted to employees, so no one ever knows them.

Having no more forgotten passwords to reset in fact mirrors the physical world, where there is no need to constantly change door locks in offices or factories. This is how organizations can regain control of their own access, solve password security issues and remove the costs of resets at the same time.

Improve cyber-resilience

The access segmentation and encryption management model offers huge security advances and cyber-resilience over the single access model, whether Zero Trust, privileged access management, identity access management, or biometric access, which gamble the entire security architecture on users not getting caught out by phishing scams and AI.

In a single access model, the employees are still the key makers for the organization, but instead of having fifty keys to open fifty doors, they only need one key that opens fifty doors. If one employee’s master password or biometric is stolen or lost, it could be game over, as criminals only need to open one single access, escalate privileges and access the entire corporate network.

Cybersecurity that provides an immediate financial ROI

As organizations continue to look for cost-cutting measures, regaining access control can provide an instant cost saving for businesses. Unlike other cybersecurity spends, where the ROI is that nothing bad has happened, eliminating password reset costs has a positive financial ROI that all C-levels and business leaders can immediately measure after implementation.

Furthermore, removing passwords from the knowledge of users will bolster their cybersecurity coverage by 95%, closing the doors on human-error cyberattacks, while significantly improving cyber resilience.


© 2024 Professional Security Magazine. All rights reserved.
