The research was conducted to measure the uptake of new identity and access management (IDAM) technologies and showed that 71 per cent of businesses still use username and password authentication – one of the weakest security measures – to verify identities.
Siemens Insight Consulting, which ran the survey, said few businesses were adopting more stringent measures and described attitudes as ‘extremely lax’.
“The lack of single ‘sign-on’ awareness, together with reliance on passwords, was just the first of a series of major concerns highlighted by the research,” said Colin Robbins, principal consultant at Insight.
“The failure of finance and retail sectors in particular to implement mandated audit requirements is also a grave concern and demonstrates the need for a broader, immediate adoption of integrated identity and access solutions.”
Insight found that 70 per cent of UK firms with more than 5000 employees admitted it was “hard or even impossible” to accurately produce audit reports showing access to their networks, applications or data.
A lack of HR integration has been partly blamed for the situation, where businesses simply fail to update security protocols when an employee leaves the company. The survey, which questioned 259 people, identified this as a major issue still overlooked by half of UK businesses.
However, businesses are beginning to realise the threat. 74 per cent of respondents claimed they were actively looking at new, ‘user-centric’ identity management solutions in an attempt to improve security.
But Robbins warned, “While it is clear that many medium and large enterprise are already investigating new IDAM technology, what has also become clear from our research is that many businesses are simply not doing enough, or are even in many cases wholly unaware of the existing risks to their business and how to go about managing the resources available to them.”
