Password Security



FAILURE TO SECURE: The 2016 State of Privileged Account Management Report

View the Password Vulnerability Infographic

Weak privileged account management (PAM) is a rampant epidemic at large enterprises and governments globally. Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cybercriminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world’s economies trillions of dollars in damages.

More than 75% of respondents to a privileged access management survey said they consider PAM to be a high priority to defend against cybercrime — and yet 52% of those companies received a failing grade on the enforcement of proper privileged credential controls. Part of the reason may be because only 10% of them have invested into a vendor solution to automate and get PAM right. Locking down privileged accounts should be on every CISO’s short list. If not, then they are inviting trouble. The path of least resistance for cyber evildoers is access to privileged account information.

“It is no longer acceptable for businesses to assume they can keep attackers off their networks,” said Jim Legg, CEO, Thycotic. “The most damaging cyber-attacks occur when privileged credentials are stolen, giving attackers the same level of access as internal people managing the systems. This puts an organization at the mercy of an attacker’s motivation – be it financial, ransomware or other harm to the business. Our benchmark survey points to the devastating fallout of privileged account takeover, which we hope will hope will cause businesses to expand security strategies beyond trying to stop perimeter attacks.”

Summit Research analyst Srini Nandury recently told Investor’s Business Daily he pegs privileged account management as the industry’s next growth vector.

Cybersecurity Ventures expects the needle on automated (PAM) solutions adoption to move fairly quickly into the 50% range over the next two years.

“We see a huge market need for innovative identity management solutions in cybersecurity” says Mike Triplett, Managing Director, Insight Venture Partners. “We are pleased to add Thycotic to our portfolio of companies and are excited to join them as they continue to grow their customer base and provide organizations with high quality privileged account security solutions.” Founded in 1995, Insight has raised more than $10 billion and invested in more than 200 companies worldwide.

There’s consensus from cybersecurity experts, IT analysts and researchers, media outlets, and investors — the PAM market is poised to be one of the largest cybersecurity spend categories over the next several years. Thycotic has over 7500 customers, deep domain experience and thought leadership that today’s CISOs and IT security practitioners demand.

The 2016 State of Privileged Account Management Report — co-sponsored by Thycotic and Cybersecurity Ventures — is available here.



Steven C. Morgan, Editor-In-Chief

Steve Morgan

    is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve oversees all of the editorial for Cybersecurity Ventures. He has written and contributed hundreds of blogs, articles, and reports for the media including ChannelWorld, CIO, Computerworld, Cyber Defense Magazine, Cyber Investing News, CSO, DarkReading, Forbes, Information Security Buzz, Infoworld, Investing News Network, ITworld, Homeland Security Today,, TMCnet, and others.

© 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.