Source: BeyondTrust - 2016 Privilege Benchmarking Study For more information, including 5 recommendations on improving control and accountability over your privileged accounts, download our free report DOWNLOAD REPORT Most top-tiers have an enterprise solution for managing privileged access 78 % 9 % 39 % Only 9 percent of bottom- tiers do, and 39 percent of bottom tiers do nothing Top-tiers grant privilege to the app, not the user 90 % 46 % 46 percent of bottom- tiers do this Most top-tiers say they are “somewhat” or “extremely” efficient at managing credentials 73 % 36 % Only 38 percent of bottom-tiers say the same thing Top-tiers have granularity in how they can restrict the privileged access they grant 88 % 37 % 37 percent of bottom-tiers do Most top-tiers cycle passwords for users “often” or “always” 76 % 14 % 14 percent of bottom- tiers do this 25 percent of bottom-tiers do Top-tiers much more likely to have a centralized privileged password management policy 92 % 25 % Most top-tiers have a tool that provides relative risk for apps or systems that help them when deciding how to grant privilege to that app or system 57 % 6 % 52 % 6 percent of bottom- tiers do, more than half say “they just know” the relative risks 71 % Top-tiers monitor sessions of privileged accounts Top-tiers watch/terminate sessions in real time 45 % 49 % 3 % 49 percent of bottom-tiers monitor sessions of privileged accounts 3 percent of bottom-tiers watch/terminate sessions in real time Most top-tiers score apps or systems based on their relative risk based on vulnerability assessments 91 % 20 % 20 percent of bottom-tiers do Who We Talked To Departments Security Operations 13% Information Technology 76% Executive 10% Legal Compliance 1% Median Number of Employees 1200 Main Office Location Roles 42% Staff 22% Executive 38% Management U.S. 72% Canada 5% U.K. 3% South Africa 1% Netherlands 1% Italy 1% Albania 1% Australia 1% Industries Technology Other Education Government Manufacturing Financial Healthcare Retail Insurance 22% 11% 11% 8% 8% 8% 10% 7% 4% • Online survey fielded in May 2016 • 548 responses • 29 questions • Limited to: Executive, IT, IS, or Legal/Compliance departments Involved with privileged access management Those with the best and worst overall scores were split into top and bottom tiers • 11 questions about privileged access practices • Answers scored based on industry best practices Top-Tier Bottom-Tier Methodology Tiering Methodology Lessons from top-tier organizations PRIVILEGE BENCHMARKING STUDY