Press release

New Centrify Survey Reveals Most Organizations Are Over-Confident in Their Ability to Stop Data Breaches

Sponsored by Businesswire

a leading provider of cloud-ready Zero Trust Privilege to secure modern
enterprises, today announced results of a new survey in partnership with
TechVangelism that indicate the majority of organizations are
ill-prepared to protect themselves against privileged access abuse, the
leading cyber-attack vector. Seventy-nine percent of
organizations do not have a mature approach to Privileged Access
Management (PAM), yet 93% believe they are at least somewhat
prepared against threats that involve privileged credentials (TWEET
). This overconfidence and immaturity are underscored by 52%
of organizations surveyed stating they do not use a password vault,
indicating that the majority of companies are not taking even the
simplest measures to reduce risk and secure access to sensitive data and
critical infrastructure.

The survey of 1,300 organizations across 11 industry verticals in the
U.S. and Canada reveals that most organizations are fairly
unsophisticated and still taking Privileged Access Management approaches
that would best be described as “Nonexistent” (43%) or
“Vault-centric” (21%). More sophisticated organizations take an
“Identity-Centric” (15%) approach that tries to limit shared and
local privileged accounts, replacing them with centralized identity
management and authentication with an enterprise directory. The most
protected organizations are considered “Mature” (21%) because
they address PAM by going beyond vault- and even identity-centric
techniques by hardening their environment further via a number of
initiatives (e.g., centralized management of service and app accounts
and enforcing host-based session, file, and process auditing).


“This survey indicates that there is still a long way to go for most
organizations to protect their critical infrastructure and data with
mature Privileged Access Management approaches based on Zero Trust,”
said Tim Steinkopf, CEO of Centrify. “We know that 74%
of data breaches
involve privileged access abuse, so the
overconfidence these organizations exhibit in their ability to stop them
from happening is concerning. A cloud-ready Zero
Trust Privilege
approach verifies who is requesting access, the
context of the request, and the risk of the access environment to secure
modern attack surfaces, now and in the future.”

The survey also revealed some specific insights about the solutions
being used to control privileged access, including:

  • 52% of organizations are using shared accounts for controlling
    privileged access.
  • 58% of organizations do not use Multi-Factor Authentication
    (MFA) for privileged administrative access to servers.
  • 51% of organizations do not control access to transformational
    technologies with privileged access, including modern attack surfaces
    such as cloud workloads (38%), Big Data projects (65%),
    and containers (50%).

Looking at organizations’ PAM maturity by industry, some surprises

  • 39% of Technology organizations have a Nonexistent approach to
  • Two highly-regulated industries, Healthcare (45%) and
    Government (42%), also scored high for Nonexistent PAM maturity.
  • Finance (27%) unsurprisingly scored highest in the
    Mature category, followed by Energy/Utilities (26%), and then
    Technology (25%), as well as Healthcare (22%).
  • Professional Services is taking a highly Vault-Centric approach to PAM
    at 29% of organizations.

Industry research firm Gartner named PAM a Top 10 security project for
20191 and has predicted it to be the second-fastest growing
segment for information security and risk management spending worldwide
in 20192. However a vault-centric approach is not enough for
modern attack surfaces.

Centrify is redefining legacy approaches to PAM with cloud-ready Zero
Trust Privilege. To download a complimentary copy of the survey results,
please visit

For more information about Centrify Zero Trust Privilege, visit

1 Gartner, Top 10 Security Projects for 2019, Brian Reed |
Neil MacDonald | Peter Firstbrook | Sam Olyaei | Prateek Bhajanka, 11
February 2019.
2 Gartner, Forecast Analysis: Information
Security and Risk Management, Worldwide, 3Q18 Update, Rustam Malik |
Deborah Kish | Christian Canales | Ruggero Contu | Sid Deshpande |
Elizabeth Kim | Dale Gardner, 12 December 2018.

About Centrify

Centrify is redefining the legacy approach to Privileged Access
Management by delivering cloud-ready Zero Trust Privilege to secure
modern enterprise attack surfaces. Centrify Zero Trust Privilege helps
customers grant least privilege access based on verifying who is
requesting access, the context of the request, and the risk of the
access environment. By implementing least privilege access, Centrify
minimizes the attack surface, improves audit and compliance visibility,
and reduces risk, complexity and costs for the modern, hybrid
enterprise. Over half of the Fortune 100, the world’s largest financial
institutions, intelligence agencies, and critical infrastructure
companies, all trust Centrify to stop the leading cause of breaches –
privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United
States and other countries. All other trademarks are the property of
their respective owners.