News
Gov’s cyber breaches report: 89% of businesses fail to change passwords after a breach
April 2023 by Rob Otto, EMEA field CTO at Ping Identity
Almost 90% of British businesses DO NOT change passwords after breach.
Over the last year, a shocking 89% of British businesses have failed to change their password following a disruptive breach or attack that had material outcomes – such as loss of money, files or other assets.
Research from the latest UK Cyber Breaches Report has been assessed by identity and access management company, Ping Identity, who also found that a whopping 93% of charities left their passwords unchanged after their systems were compromised. Instead, the most common actions taken were a mixture of additional staff training or communications, as well as implementing new technical controls such as changes to the firewall.
Rob Otto, CTO at Ping Identity, said:
“These results are shocking. For decades, the industry has acknowledged that poor password security is the easiest way for an attacker to get into a network, or compromise an account, and – as we can see – a breach or attack is catastrophic for businesses.
“We are therefore once again urging organisations of all sizes – but particularly medium and large enterprises with sizeable customer-bases – to say goodbye to outdated procedures and severely improve how they approach login processes.
“Going forward, organisations must be looking at simplifying access, reducing the action to a single sign-on and utilising multi-factor authentication for an extra wall which will protect against cybercriminals who can smell poor security measures. Ultimately protecting their business from a data breach or attack that can have significant and lasting damage.”
Figures show that medium and large businesses were the most unlikely to have taken any action to prevent future breaches – after losing an average of just under £5,000 as a result of an attack - with 74% and 83% respectively failing to safeguard their operations from future incidents.
