Skip to content

Overprivileged Users Still a Major Cyber Security Challenge Says New Global Survey

WASHINGTON, DC – April 21, 2020 –  Thycotic, provider of privileged access management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune 100, today announced the release of a new research report in conjunction with Cybrary, the cybersecurity and IT workforce training platform enabling organizations to assess, develop, and measure their security skills. The report, titled “2020 Global State of Least Privilege Cyber Security,” reveals organizations are prioritizing, yet struggling, in their attempts to implement least privilege security initiatives.

Surveying more than 250 IT and cybersecurity professionals worldwide in February, Thycotic and Cybrary found that more than two out of three respondents indicated least privilege security was either a top or urgent priority for their organization. Additional survey results highlighted in the report include:

  •       20 percent have already tried and failed to implement a least privilege initiative
  •       47 percent say user complaints were the biggest reason for least privilege failure
  •       36 percent say threats from employees/third parties drive least privilege
  •       22 percent indicate compliance is their main concern triggering least privilege

The 2020 Global State of Least Privilege Cyber Security report, which is available free online, includes key takeaways, recommendations based on survey results, and free resources for organizations to use in planning their own least privilege security program.

“With more than 80 percent of breaches involving the compromise of IT and business users credentials such as IDs and passwords, organizations worldwide need to limit privileged access to services, applications, data, and systems,” according to Thycotic CEO James Legg.  “All it takes is one compromised endpoint user with local administrative privileges for a cyber criminal or malicious insider to exploit access to sensitive information, remain undetected, or even take down an organizations’ entire network.”

One of the more surprising results from the survey, Legg noted, is that 27 percent of respondents are sharing the same local administrator credentials on each machine. He adds,  “At a time when we are experiencing a record number of people required to work from home, it is imperative that we use all the tools at our disposal to enforce least privilege while maintaining productivity. This includes limiting the use of local admin credentials on end user endpoints and training users on how least privilege makes organizations more secure.”

One of those tools, according to Tom Condrasky, Cybrary’s Vice President for Business Development, is the wealth of cybersecurity online education and training available on-demand at  While a majority of organizations do not provide any training for users either on Privileged Access Management or the principle of least privilege, the report suggests that organizations should make use of their existing training budgets to enhance the knowledge and skills of their staff. 

In addition to a free Cybrary on-demand training course on Privileged Access Management, Thycotic has also published a free eBook entitled, “Least Privilege Cybersecurity for Dummies.”

“This survey report serves as a wake-up call for IT and cybersecurity professionals around the world,” Legg concluded. “As more and more employees find themselves working remotely, the implementation of least privilege cybersecurity will only grow in importance as one of the most effective ways to help protect our users while they strive to remain productive.”