Study Exposes Alarming Cybersecurity Threats and Staggering Costs Tied to Nonfederated Applications

Staff Report

Tuesday, May 2nd, 2023

Cerby, the cybersecurity leader in protecting applications that lack support for identity and security standards, known as nonfederated or unmanageable applications, today released the results of a new study conducted by the Ponemon Institute.

Cerby issued the new study and its findings at the RSA Conference 2023 in San Francisco, where the world talks security. Cerby is exhibiting at RSA with the Microsoft for Startups program, an ecosystem that supports and advances the most innovative and urgently needed emerging solutions in cybersecurity. The complete report can be downloaded here.

The results of this new study reveal the dangers and costs linked to nonfederated applications. Because they lack support for identity standards, these applications cannot be managed through identity providers. Organizations face a ticking time bomb as the growing prevalence of unmanageable applications amplifies cybersecurity and financial risks. The findings underscore the urgent need for organizations to confront looming cybersecurity risks and the economic consequences of these applications' widespread use and mismanagement.

Key findings include:

Decentralized Management: A Recipe for Disaster
63% of respondents admit business units, rather than security and identity teams, control granting and revoking access to nonfederated applications. This dangerously decentralized approach to application management opens the door to devastating cybersecurity risks. 52% of respondents experienced a cybersecurity incident due to nonfederated applications. 63% reported a minimum of 4 and more than 5 incidents.

Skyrocketing Costs Squandered on Provisioning and Deprovisioning
The data shows crushing costs and time spent provisioning and deprovisioning access to applications spiraling out of control. Organizations are burdened with two significant costs when it comes to nonfederated applications. The first cost is related to staffing, specifically provisioning and deprovisioning, which totals $648,000 annually. The second cost is the financial impact of cybersecurity incidents involving nonfederated applications, which requires an average of $292,500 annually for investigation and remediation.

Dangers of Ignorance and Risk Underestimation
44% of respondents assert that management remains ignorant of the cybersecurity risks of nonfederated applications. However, 82% acknowledge the critical importance of securing these applications once enlightened about the perils.

"The Ponemon Institute's research exposes the risks nonfederated applications pose to organizations," said Bel Lepe, CEO and co-founder at Cerby. "By sounding the alarm on risks and costs, we aim to jolt organizations into action and encourage them to implement comprehensive processes and solutions that effectively address and mitigate these threats."