• David Garrity

The 2021 FYEO Report

Future-Proofing The Password: Waking From Corbató’s Nightmare



KEY TAKE-AWAYS:

  • Based on the FYEO Breach Database of over 18 billion credentials, the average internet user has been exposed more than three times.

  • Cybercrime is estimated to be a $1.1 trillion burden on the global economy (1.3% of global GDP), forecast to rise by 2023 to $2.7 trillion (2.8% of global GDP).

  • The average “Value At Risk” (VAR) for Global 2000 corporates from cyberattack is 3% of market capitalization, an average of $4.9 billion.


Executive Summary

Using the FYEO Breach Database of over 18 billion credentials, we estimate the average internet user has been exposed on the dark web 3.2 times, in part due to a reliance on password combinations that can be readily hacked. A study of the FYEO top 100 passwords indicates 92% can be cracked in less than 60 minutes, with 65% vulnerable almost instantly. Solutions such as two-factor authentication (2FA) and password managers have been developed to offset the weaknesses of individuals’ password protection. Even so, more than 67% of individuals believe that password management should be incumbent on the enterprises with which they are affiliated, as cybersecurity should be viewed as a communal problem that depends on more than just individual cooperation to be remedied adequately.


The economic burden of cybercrime on the global economy has been estimated at $1.1 trillion in 2020, roughly 1.3% of global GDP. Should current trends persist, cybercrime’s economic burden could rise to $2.7 trillion, or 2.8% of global GDP, by 2023. Apart from the fact that much cybercrime activity is state-sponsored, the more troubling consideration is that there is at present only an estimated $1 trillion of cyber risk insurance coverage in place. With underwriting standards likely to tighten, enterprises are confronting a point where they must increasingly improve their Identity and Access Management (IAM) solutions or face the growing possibility of potentially devastating loss, both in economic terms and in terms of reputation. Not to put too fine a point on it, public companies face the risk of a -3% market capitalization loss in the event of a publicly disclosed cyberattack, a loss that may persist over a 6-month period following disclosure. Using the 2021 Forbes Global 2000 list of public companies and the FYEO Breach Database, we modeled what the expected impact, or “Value At Risk” (VAR), might be for the 40 companies with the most breached credentials associated with their internet domain name (the “FYEO 40”). The average VAR is $4.9 billion.


Against this threatening backdrop, we introduce our “ID as a Service” (IDaaS) IAM offering, which relies on a proprietary, patented, decentralized data management model that addresses the challenges besetting passwords to date and offers a path towards a more secure digital world. Innovations in credential management, such as automating the process of updating breached passwords without user input and disabling the ability to reuse previously saved passwords, will take much of the onus off the shoulders of the individual and will help us start to close the gap. Our vision is to make access to digital assets secure and simple for the user while ensuring that the information and assets are trusted and resilient for the enterprise, and in doing so massively reduce the information and economic risks faced by all parties on the Internet.





