74% of Data Breaches Start With Privileged Credential Abuse

Posted on

Apr 13th, 2019

The Facts and Figures Behind Data Breaches

According to Centrify, privileged data abuse is the leading cause of data breaches in corporations. This insight comes from a survey it conducted among 1,000 IT executives in the US and the UK. The results were contained in a new report which highlights that “74% of breaches involved access to a privileged account.”

That figure also correlates quite well with the findings from the Verizon 2017 Data Breach Investigation Report.

It found that a massive 81% of breaches were directly related to passwords which were either stolen, weak, or simply default passwords which organizations failed to change to more secure ones.

It is important for companies to realize that breaches are not only outside threats, very often they occur from within the organization.

The Cost of Data Breaches

Data privacy and data protection go hand-in-hand. Data privacy is currently a global hot button issue with most organizations ensuring they are compliant with new laws and regulations.

Many organizations, however, must also face the less publicized but very real threats which lax data protection policies pose. Perhaps the most obvious of those threats is the amount of money companies stand to lose from each breach.

The IBM-sponsored Cost of a Data Breach study reveals that not only are data breaches on the rise, but they are also becoming costlier. Interestingly, breaches based in the US tend to have the highest cost, racking up a bill of nearly $8 million for the organization involved.

IBM breaks that figure down to $148 per “lost or stolen record containing sensitive and confidential information.” The report can be downloaded here where you will also find an intriguing interactive data breach cost calculator.

The ramifications of data breaches involve much more than the obvious monetary losses. There is also the issue of the lack of trust which companies can face from current and prospective customers, as well as from investors and business associates. This demoralizing lack of trust can also settle among employees and affect their productivity.

You Must Secure Your Company’s Data – Here’s How to Do It

The key factor in securing an organization’s data is the implementation of Privileged Access Management (PAM) strategies, sometimes referred to as Privileged Account Management.

A privileged user is anyone who has administrative access to various critical systems within a company’s IT network. It is not just select employees who have privileged access. There are also vendors, automated users and contractors, to name a few.

These privileged users may have the authority to install software and to change or delete user accounts. Their status might also give them access to confidential or secure information.

It is very obvious to most persons that not everyone can or should have privileged access. Where most companies fall short, however, is in realizing that it is still vitally important to monitor and control the actions of those who do. This is where PAM comes in.

It gives you the ability to:

Minimize or eliminate malware attacks which often focus on gaining access to privileged accounts
Regulate which systems a particular privileged user account can access so as to prevent access to forbidden data
Ensure that IT administrators can quickly and easily access the accounts of privileged users when they need to
Provide (and easily terminate) privileged access to vendors and anyone else who only needs it on a temporary basis
Fulfill audit requirements by creating a secure audit trail of privileged account actions
Remain compliant with industry regulations

An effective PAM solution can mean the difference between spending millions of dollars recovering from a data breach and using that money to invest in your company’s growth.

Another effective way to make sure you don’t fall victim to a data breach is to properly dispose of all your IT hardware. This will prevent your sensitive data from accidentally ending up in the wrong hands.

If need help with your IT recycling, get in touch with us today to learn how we can help. We would be more than happy to help you start safeguarding your company against the threats posed by privileged credential abuse.

Christopher Madeira
Director of Marketing
ITAD Communications & Strategy Expert
Snapshot / Quick Stats
- 15+ years of experience in marketing strategy, brand development, and communications
- Specialized in IT asset disposition (ITAD) messaging for compliance-driven industries
- Former leadership roles at The Chronicle of Higher Education, CQ Press, and other respected publishers
- Key focus areas: Market Trends, Client Education, ITAD Compliance Messaging, Thought Leadership, SEO-Driven Strategy
Areas of Specialization
- Market Trends & Competitive Analysis – Tracks shifts in ITAD, resale, and sustainability markets to shape strategy and keep Securis ahead of industry developments.
- ITAD Compliance & Security Messaging – Crafts clear narratives that translate regulatory and data security requirements into approachable guidance for IT leaders.
- Client & Stakeholder Education – Builds educational resources and thought leadership content that empower clients to make informed ITAD decisions with confidence.
Professional Narrative (Career Journey)
Christopher Madeira is the Director of Marketing at Securis, where he shapes how the company communicates its mission of Secure, Accurate, and Sustainable IT Asset Disposition to regulated industries, government agencies, and enterprise clients. With more than 25 years of experience in marketing and communications, Christopher brings a unique perspective on how to bridge technical ITAD processes with clear, client-centered storytelling.
Before joining Securis, Christopher served in senior marketing roles across publishing and education organizations, including The Chronicle of Higher Education, CQ Press, and Congressional Quarterly. These positions gave him deep expertise in shaping brand positioning, leading cross-functional teams, and delivering content that informs and engages decision-makers.
At Securis, Christopher drives marketing strategies that not only build awareness but also educate IT leaders on data security, compliance, and sustainability best practices. His work ensures that Securis remains a trusted voice in the ITAD industry, aligning brand authority with the company’s core differentiators: Secure, Accurate, and Sustainable services.
Quote
“Clear communication makes complex ITAD issues approachable for IT leaders.”
Thought Leadership & Recognition
Christopher is the author of numerous Securis blog articles on compliance, sustainability, and ITAD strategy. He has also developed content campaigns that help IT decision-makers understand the evolving landscape of secure data destruction, ESG reporting, and value recovery.
Personal
A strategist at heart, Christopher is passionate about helping organizations cut through the noise and understand the real risks — and opportunities — in ITAD. Outside of his professional work, he enjoys exploring D.C.’s history, traveling, connecting with his community, and aviation photography.
Trust & Transparency
Christopher ensures that every piece of Securis’ external communication is not only accurate but also aligned with the certifications and compliance standards that define the company’s reputation. His commitment to transparency reinforces Securis’ standing as a trusted partner for IT asset disposition.
Recent Posts
AI Server Recycling For Data Centers
Law Enforcement Body Camera Data Destruction: Compliance, Risk, and Defensible End-of-Life Practices
Healthcare IT Asset Disposition: Why Secure and Accurate ITAD Protects PHI and Strengthens Compliance
ITAD Budgeting: How IT Leaders Build a Secure, Accurate, and Cost-Efficient Disposition Strategy
ITAD ROI: How IT Leaders Capture More Value Through Accurate, Fast, and Secure IT Asset Disposition