Security concerns putting the handbrake on RPA adoption, despite spiking demand
October 2022 by CyberArk
Almost 1 in 4 security professionals claim RPA/bots are one of the biggest identity security risks within their organisation
Security concerns are holding back UK businesses’ adoption of Robotic Process Automation (RPA), according to CyberArk research. Despite 82% of UK organisations seeking to increase their RPA usage in the next 2-3 years, 71% of UK businesses are seeing their deployments hindered due to an inability to secure the technology.
RPA promises numerous benefits to organisations investing in it, including increased worker productivity, the automation of tedious and monotonous tasks, and improved efficiency. According to Deloitte it’s a market that will grow 19.5% this year alone, reaching a projected value of more than $2.9 billion globally prior to 2023.
But with its ascent also comes a wave of machine identities, in the form of RPA bots which undertake these tasks. In fact, our research found there are 39 machine identities for every one human identity within UK organisations.
This explosion in identities is putting more pressure on security teams, and leading to the creation of even more vulnerabilities, according to CyberArk’s study. The management of machine identities in particular is posing the biggest problem, given they can be generated quickly, often without consideration for security protocols. Two thirds (67%) of security professionals claim that bots regularly request access to sensitive data or assets, and almost 1 in 4 (23%) state that bots/RPA are one of the biggest identity security risks within their organisation.
Alongside this, almost a quarter (23%) of security professionals identified bots/RPA as a major threat to their organisation’s IT environment. Yet, only 23% of UK organisations have identity security controls in place for them – lower than all other countries questioned – showing a clear need for many to reconsider their approach to identity security controls.
David Higgins, senior director at CyberArk’s Field Technology Office commented, “RPA is big business, and for good reason. With the underlying benefits of saving businesses money, and workers time, it’s pervasiveness will continue. These statistics from our Identity Security research support what we have been discovering through our recent work with RPA vendors – RPA and bots are an immense threat.
“Given these bots have access to highly sensitive corporate information, organisations need to take steps to protect themselves. This should start with ensuring any recommended processes are implemented as a priority, including incorporating defence-in-depth, and installing an external credential vault and other defences to drive attackers to look for less resistive victims.”