Venafi Study: Financial Services Firms More Vulnerable to Certificate-Related Outages

Over one-third of global finance CIOs acknowledge organizations experienced an outage in the last six months

SALT LAKE CITY — July 16, 2019 — Venafi®, the leading provider of machine identity protection, today announced the results of a study examining the scale and frequency of certificate-related outages in financial services organizations. Over 100 chief information officers (CIOs) in the financial services industry from the U.S., U.K., France, Germany and Australia participated in the study.

Venafi’s study found that financial services organizations are more likely to have digital certificate-related outages than other industries. In the last six months, 36 percent experienced an outage that impacted critical business applications or services. In addition, financial services CIOs are more concerned about the impact of certificate-related outages on their customers.

“Organizations from every sector struggle with certificate-related outages on critical infrastructure, but it’s clear that these issues are even more pronounced in the financial services industry,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “The entire sector is focused on trust, performance and reliability, so they can’t afford service interruptions. At the same time, the industry has been transformed by open banking initiatives. As a result, financial services organizations rely on machine identities to secure and protect a wide range of business-critical, machine-to-machine communication. Unfortunately, these critical security assets are often unmanaged and unprotected, even though they protect mobile applications, containerization initiatives and cloud architectures.”

Leading analysts report that the average cost of a critical infrastructure outage in Global 5000 organizations can average $5,600 per minute, or more than $300,000 per hour. For large networks, severe outages can take days to resolve and cost as much as $500,000 per hour or more. Certificate-related outages can be especially problematic in highly digital sectors like the financial services industry, where the impact on business revenue often goes hand in hand with customer experience and satisfaction.

Additional findings from Venafi’s study include:

  • Outages impact the reputations of financial services organizations. 50 percent said they are concerned their companies’ reputations would be damaged by certificate-related outages.

 

  • Future outages may be more severe. 34 percent said they are concerned the increasing interdependencies between technologies and services will make future outages even more painful.

 

  • Certificate usage is skyrocketing in the financial services sector. 82 percent estimate certificate usage in their organizations will grow by 25 percent or more in the next five years, with 56 percent anticipating minimum growth rates of more than 50 percent.

While humans rely on usernames and passwords to identify themselves and gain authorized access to applications and services, machines use digital certificates to serve as machine identities in order to communicate securely with other machines and gain authorized access to applications and services. This year, organizations will spend over $10 billion to protect and manage passwords, but they will spend almost nothing to protect and manage machine identities. Most organizations do not have a clear understanding of how many machine identities are in use, which devices are using them, and when they will expire. This lack of comprehensive visibility and intelligence leads to outages.

Resources:

Blog: Venafi Study: Are Financial Service Organizations More Likely to Suffer Certificate-Related Outages?

White Paper: CIO Study: Certificate-Related Outages Continue to Plague Organizations

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise – on premises, mobile, virtual, cloud and IoT – at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S., U.K., Australian and South African banks; and four of the top five U.S. retailers. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

For more information, visit: www.venafi.com.