Up to 25% of Users Are Granted Access Beyond What is Required To Do Their Job

Published on
March 1, 2024

New York, NY, March 1, 2024 – In its latest Cybersecurity Buyer Intelligence Report (CBIR), titled "Navigating the identity security minefield: Practitioners share lessons learned so others can move forward," CyberRisk Alliance (CRA) offers an in-depth exploration of the intricate balance between securing access and optimizing user experience in Identity and Access Management (IAM). Sponsored by Savvy and CyberArk, this report draws from a comprehensive survey of security practitioners and aims to shed light on the successful tactics and strategies employed by organizations to overcome IAM challenges.

"This CBIR not only provides a roadmap for navigating IAM complexities but also serves as a testament to the power of collective wisdom in cybersecurity," said Bill Brenner, SVP, content strategy at CyberRisk Alliance. "By sharing real-world experiences and strategies, we empower organizations to bolster their defenses while maintaining a frictionless user experience."

Key findings from the report:

  • Increased Adoption Amid Rising Concerns: In the past year, there has been a significant increase in the adoption of IAM policies, with 64% of organizations reporting full or partial implementation. This marks a 20-point increase from the previous year. However, this uptick in adoption is accompanied by a growing concern among IT security professionals about unauthorized access, with three in four respondents expressing more concern than 12 months ago.
  • Challenges in Ensuring Minimum Necessary Access: Despite the rise in IAM implementation, only 27% of respondents are highly confident that their organization effectively limits user access to the minimum necessary for their job roles. This indicates a gap in achieving the principle of least privilege, with many users potentially having more access than required, which poses security risks.
  • Preference for Multifactor Authentication and Single Sign-On: The survey findings highlight a strong inclination towards multifactor authentication (MFA) and single sign-on (SSO) as key components of IAM strategies. These methods are favored for their balance between security and user convenience, suggesting a trend towards security measures that do not significantly impede productivity.
  • Potential of AI in IAM: There's a growing interest in leveraging artificial intelligence (AI) and machine learning (ML) within IAM frameworks. Respondents see significant potential in AI/ML to enhance threat response, make authentication processes more adaptive, and enforce IAM policies more consistently. This reflects an openness to integrating advanced technologies to address evolving security challenges.
  • Economic and Technical Barriers: The research also sheds light on the obstacles hindering further IAM adoption, with costs and technical integration challenges being prominent. Approximately half of the respondents cite the high costs associated with IAM as a major barrier, while others point to difficulties in integrating IAM solutions with existing IT infrastructure.

To access the full report and gain deeper insights into optimizing your IAM framework, visit  

About Savvy

Savvy’s SaaS Security platform provides organizations with unparalleled visibility into SaaS risks. Its just-in-time security guardrails automate security workflows to prevent potential incidents before they take place and provide suggestive guidance that empowers users to make smarter decisions. Savvy provides customizable security automation playbooks that empower security teams to automate responses to various user actions, engage users at critical decision points to prevent incidents, reduce event overload, and improve security outcomes. For more information, visit

About CyberArk

CyberArk is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit, read the CyberArk blogs or follow on LinkedIn, Twitter, Facebook or YouTube.

About CyberRisk Alliance 

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and innovative events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, TECHEXPO Top Secret, Security Weekly, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, Cybersecurity Collaborative, ChannelE2E, MSSP Alert, and LaunchTech Communications. Learn more at

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.