Password Statistics: What Are Passwords Costing You?

Beyond Identity Blog

Passwords have been around since the 1960s, and are often seen as the status quo for customer authentication (by the way, our founder, Jim Clark, is very sorry for contributing to its proliferation). Even though passwords account for more than 89% of web application breaches, many still have faith that a password will provide the security their organization requires. Interestingly enough, even the very first password ever used was stolen—only confirming that passwords simply don’t measure up when it comes to security.

Cybersecurity professionals know how insecure passwords are, but putting a number to that insecurity can be difficult. Here, we’re going beyond the known issues to address the true financial cost of passwords to your organization. Read on to discover key password statistics that will show you how much passwords are actually hurting your bottom line.

Cost of Customer Drop-off

Did you know that the average cart abandonment rate for businesses hovers around 70%? This is already a frustratingly high number for most organizations, but password challenges increase it even more so. Imagine your potential revenue if you could easily reduce those abandonment rates? What kind of loss could you be facing if you don’t make the switch to passwordless?

The good news is, we don’t have to imagine.

By resisting making the switch to passwordless, you are losing out on potential customers, easily lowering your cart abandonment rates, and dramatically increasing revenue. But far more intimidating repercussions lie below...

Costs of a Security Breach

While everyone knows a data breach can be catastrophic, few can actually put into numbers how detrimental it can be. With credentials easily available for purchase on the dark web, anyone can be a hacker, which means any organization can be vulnerable to attack as long as passwords are being used. Let’s look at the figures.

  • Cost of breaches: The average cost of a data breach is $3.86 million, with the US being the most costly ($8.64 million), and the healthcare sector standing out as the most targeted industry ($7.13 million). This is no surprise, as the pandemic gave malicious threat actors the perfect opportunity to attack the healthcare industry while resources were already stretched thin.
  • Days lost: On average, it takes 280 days to contain a breach. That’s hundreds of hours of lost work, resources wasted, and projects held up because of that breach. Not only that, but your public reputation will be tarnished, and other businesses and customers will be reluctant to do business with you in the future. 
  • Stock decline: Companies experience an average stock price decline of 5% immediately following the disclosure of their breach. A stock price decline signals that your organization has taken a reputational hit—not good for optics or future projections.
  • Fines: As of June 7th, 2021, there have been a total of 692 GDPR fines for a total amount of over 293 million euros. Yikes.

Operational Costs of Passwords

Contrary to what many believe, passwords are not free, even though the technology itself can be freely implemented. In addition to security breach costs, there are also serious operational costs associated with passwords, such as... 

  • Help desk costs: Forrester Research found the average help desk labor cost for just a single password reset is $70, and large US-based organizations allocate over $1 million annually for password-related support costs. Imagine the financial success organizations could experience if they were able to put that $1 million towards product, marketing, or recruiting….
  • Service: Popular SMS solutions price a single shortcode sent at $0.0075 per text. At a first glance this looks very affordable, but let’s put it into perspective. Let’s assume a business has a million users logging in once a week. This would run the company roughly $90,000. If user login frequency increased to twice a week, it would double that amount to $180,000. This cost scales as your user base grows and can be a significant budget item. 
  • Developer cost: In addition to shipping new product features, developers have to refactor and maintain code including those that have to do with application authentication. Unfortunately, the latter takes up more time than ideal. The research found that developers spend 17.3 hours on average per week on maintenance (i.e. dealing with bad code/errors, debugging, refactoring, modifying). This costs companies more than $85 billion annually. (It’s literally cheaper to send people to the moon!)

Passwordless with Beyond Identity is Free

In January this year, Beyond Identity made the decision to make passwordless authentication free for unlimited users, forever. No strings attached. 

When you go passwordless with Beyond Identity, you can:

  • Reduce drop-off by taking friction out of registration and login
  • Eliminate password resets and lower support costs for resolving authentication issues
  • Make credential attacks impossible to execute to better protect customer data
  • Preserve engineering resources with simple integration and reliable performance 

Learn more about going passwordless with Beyond Identity here today