A recent Centrify survey of IT professionals attending the RSA Conference found that 26 percent of respondents share passwords, and 78 percent have fallen victim to a phishing email.
Just 55 percent of respondents believe their company's current technology investment is sufficient to ensure security.
Among identity and access management (IAM) best practices, respondents are most likely to enforce single sign-on (68 percent), adaptive multi-factor authentication (43 percent), least privileged access (44 percent), and no sharing of privileged accounts (36 percent).
A separate Forrester study of 203 enterprise IT security decision makers, sponsored by Centrify, found that two thirds of organizations experienced an average of five or more security breaches in the past two years, and that hackers compromised over a billion identities in 2016 alone.
"Cyber security breaches are causing more havoc and affecting more industries than ever before," Centrify CEO Tom Kemp said in a statement. "Despite over $75 billion spent on cyber security in 2016, the products and services from major security companies have failed to stop breaches from occurring, and in fact, the problem is getting worse."
The study found that 83 percent of organizations don't have a mature approach to IAM, with that lack of maturity resulting in twice as many breaches and $5 million more in costs than at organizations with a mature IAM approach.
Separately, a report from Thycotic and Cybersecurity Ventures anticipates that by 2020, the total number of user and privileged accounts at risk will exceed 300 billion passwords.
More than 3 billion user credentials and passwords were stolen in 2016, with over 8 million passwords stolen a day. The report predicts that cybercrime damages could reach $6 trillion by 2021.
"It is a very scary truth that everyone, especially those running businesses, should [be] aware of," Thycotic's Joseph Carson said in a statement. "Our passwords are not safe, which is concerning as they are literally the key to some of the more important information that businesses hold."
"Privileged account passwords especially are prime targets for hackers, for good reasons," Carson added. "One privileged account password breach can allow a hacker to access and steal the credentials and passwords belonging to every employee in a company."
By 2020, the report predicts, Fortune 500 employees will have an average of 90 accounts requiring user names and passwords -- putting the total number of passwords belonging to Fortune 500 employees at 5.4 billion.
A recent survey of 2,000 respondents by Singapore's Cyber Security Agency recently found that while almost three in five respondents were extremely concerned about the security of their personal and financial information, 33 percent admitted that they store their passwords on their computer or write them down, and 31 percent use the same passwords for work and personal accounts.
Photo courtesy of Shutterstock.