A lack of control over cryptographic keys and certificates could leave large UK businesses open to attack.
According to research by Venafi and the Ponemon Institute, the typical UK Fortune 500 company has five or six million keys and certificates in use at any one time, potentially creating a significant target for attack. This, the report said, could amount to a potential threat exposure costing UK businesses £247 million.
Calum Macleod, EMEA evangelist at Venafi, said: “With every business and government department across the UK relying on cryptographic keys and certificates in order to operate, failure to manage just one can result in serious attacks or unplanned system outages.
“Criminals understand how difficult it is to control trust, and by failing to have the correct controls in place to manage or secure certificates and keys, businesses have opened themselves up to risk on a daily basis.”
The report said that on average, enterprises are projected to risk losing an average of £22 million every two years due to attacks on cryptographic keys and digital certificates, with a maximum possible cost exposure of £247 million per organisation. It also found that there are 1.3 exploits against weak cryptography per 24 months per enterprise - leading to costs of approximately £80 million for each business.
Macleod said: “It is extremely concerning to know that so many businesses are aware of the security impacts certificate and key oversight can have on a business, yet are still doing nothing to combat the problem. Unless organisations sit up and take notice of this growing problem the threat and the amount of money lost by organisations each year will only increase.”