In the pursuit of more advanced MFA practices, and in some cases completely passwordless access, many organisations are opting to invest in YubiKeys rather than traditional authentication apps or SMS verification systems.
In September 2022 Forrester conducted a Total Economic Impact report into Yubico Yubikeys, outlining the business benefits of their adoption along with the return on investment seen by organisations.
Security leaders from five separate enterprises already utilising YubiKeys were surveyed, and the findings were heartening for prospective customers. As a headline, Forrester found that the organisations interviewed saw their exposure to security breaches resulting from phishing and credential thefts slashed by 99.9 per cent through the use of YubiKeys, while simultaneously driving business growth, access to high-security contracts, and an overall improvement in their reputation.
The Business Benefits of YubiKeys for Cyber Security
Before utilising YubiKeys, organisations interviewed (particularly those without any MFA software or processes in place) were vulnerable to security risks at a rate unacceptable to their cyber security teams and management. Password policies were overly arduous, and the maintenance involved in password resets and updates was causing strain on IT teams, whereas those with legacy MFA solutions reported poor end user experience, high expenses, and commitments to technologies they had outgrown and were no longer happy with. As noted, following adoption of YubiKeys, the risk of phishing and credential thefts alone was slashed by 99.9 per cent, and interviewees reported high levels of user satisfaction.
“We have a risk-acceptance curve with a predicted cost of risk, and YubiKeys lowered our risk profile significantly. [To win budget for YubiKeys,] I sell YubiKeys as a huge risk reduction.”
Director of Information Assurance
“Ransomware typically gets onto systems via social engineering. Having [YubiKeys as] a second factor of authentication makes social engineering extremely difficult to almost near impossible. That’s where this becomes so important.”
Director of Security Engineering
Through their improved security reputations, mitigated and avoided losses, and the ability to meet the strict security demands of key prospective customers, the use of YubiKeys offered Forrester’s target organisations with new business opportunities and subsequent growth. By promoting their use of YubiKeys, and the associated security benefits, existing clients and new customers alike were able to see the organisations’ commitment to meeting developing security threats head on and place their trust in them accordingly.
“We’ve definitely seen [YubiKeys’] positive impact on reputation and positive feedback.”
IT Product Manager
Media and Communications
“We’re protecting [critical] systems from bad actors [with YubiKeys]. If a breach happened and it was audited and disclosed, the impact to our company’s reputation and potential stock price could be super, super expensive.”
Senior Director of IT
Security Operations Efficiency
Along with reducing the threat and potential financial and reputational consequences associated with phishing and credential attacks, by largely mitigating this concern for the interviewed organisations, YubiKeys substantially freed-up the time and availability of DevSecOps team members.
In addition, because most organisations will find YubiKeys usable out of the box with major open standards and most third-party solutions, the set-up time is minimal and should not be considered a resourcing concern. Note, for those third parties currently not able to support YubiKeys or an open standard, Yubico offers integration support for technology partners.
Help Desk Support Savings
Following adoption of YubiKeys, the interviewed organisations saw a substantial decline in support tickets related to access. This spans password updates, resets, and related support tickets, as well as those tickets associated with authentication apps and legacy MFA solutions.
While the organisations did experience tickets concerning YubiKeys in the early days following implementation, this improved over time and throughout adoption and ongoing use constituted a significant overall reduction in help desk tickets and time spent.
“There usually was a surge in tickets in [whenever phonemakers] release new phones. We’ve actually eliminated that class of tickets completely because we no longer need people to repair their own authenticator when setting up a new device.”
IT Product Manager
Media and Communications
Return on Investment
The organisations interviewed by Forrester saw payback on their original investment in their YubiKeys after only 11 months. Furthermore, the overall return on investment seen by these same companies was calculated at over 200 per cent.
Throughout its study, Forrester demonstrated how YubiKeys not only constitute a sound financial investment for security teams in the long run, but also help organisations looking to improve on their MFA provision while including phish-resistant coverage.