Skip to content

60% of RSA Conference Respondents Identify Employees as the Largest Threat to Their Organization’s Cybersecurity

San Francisco, CA ― RSA Conference 2020 ― February 27, 2020Centrify, a leading provider of Identity-Centric Privileged Access Management solutions, today revealed the results of an onsite poll conducted at RSA Conference 2020, being held this week in San Francisco. The survey asked conference attendees about their cyber hygiene habits at work to determine how much of a threat they posed to their organization’s overall cybersecurity, ultimately revealing that employees themselves pose the largest threat.

Nearly 60% of respondents correctly identified employees as the largest threat to their organization's security, followed by hackers (23%) and third-party vendors/partners (18%).

Additional poll findings further validated why employees pose a cybersecurity threat in the first place:

  • 40% of respondents have tried to bypass a corporate security policy at work
  • Nearly 1 in 4 respondents (23%) use the same passwords for work and personal accounts, defying industry best practices
  • More than 1 in 5 respondents (21%) still store passwords on their phone, computer, or in a printed document, violating industry best practices

“81% of hacking-related breaches leveraged stolen and/or weak passwords, according to Verizon’s Data Breach Investigations Report. All it takes is one employee using a weak password to open the doors,” said Torsten George, Cybersecurity Evangelist at Centrify. “That’s why every organization should enforce frequent password changes and use single sign-on (SSO), and privileged credentials should be stored in a password vault.”

On a positive note, the poll also revealed that less than 15% of respondents reported having previously shared their work login credentials or used someone else’s login credentials at work.

The poll results illustrate that every employee has an important role to play when it comes to protecting their organizations from cybersecurity threats. Simple best practices to help reduce the risk of being compromised include:

  • Make Your Password as Strong as Possible: Passwords should contain a mixture of upper and lowercase letters, numbers, and special characters. Using a password manager will help create long, difficult passwords and manage them for you. In the case of a known data breach, change your password immediately. Passwords for privileged accounts should be rotated every time they are checked back into a password vault.
  • Implement MFA on All Accounts: Multi-factor authentication (MFA) requires users to confirm their identity with another factor other than just a username and password, adding an extra layer of security. This week at RSA, Centrify also announced support for passwordless authentication using biometrics, such as Windows Hello and Apple’s Face ID and Touch ID.
  • Don’t Take the Phish Bait: It’s not always emails that are used to hook you, it’s increasingly text messages and other messaging platforms. The first step in stopping phishing attacks is training employees to recognize, avoid and report any suspicious emails or messages, and conducting periodic simulations of phishing attacks. Vigilance is still the best defense.

Interested in meeting with Centrify at the RSA Conference 2020? Visit us at Booth #1127 in the South Hall. For more information about Centrify, visit


About Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale. Centrify Identity-Centric PAM establishes a root of trust, and then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.