TL;DR: Measurable credential-risk reduction is a financial control, not just an operational metric, as IBM estimates each leaked record in a breach costs $173. Bitwarden’s Access Intelligence update adds report visualisation that tracks credential risk over time by application, item, or member, giving security teams historical context for decisions and leadership reporting.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- $173., record leaked during a data breach costs the company an average of $173.
Questions worth separating out
Q: How should security teams measure whether credential risk is actually decreasing?
A: Security teams should measure credential risk as a trend, not a snapshot.
Q: Why do risk trends matter in credential management programmes?
A: Risk trends show whether identity controls are changing the exposure profile or merely documenting it.
Q: What do teams get wrong about reporting credential risk?
A: Teams often report counts without context, which makes it hard to tell whether the programme is improving.
Practitioner guidance
- Build trend-based credential KPIs Track risk by application, item, and member over weekly and monthly intervals so remediation is measured as movement, not just volume.
- Assign owners to the reporting lens Map application-level findings to application owners, item-level findings to credential owners, and member-level findings to access governance teams.
- Use exportable evidence for leadership reviews Package the trend view into CSVs or presentation graphics that show whether risk is declining after remediation cycles.
What's in the full announcement
Bitwarden's full blog post covers the operational detail this post intentionally leaves for the source:
- How the Access Intelligence activity tab renders risk trends by application, item, and member
- How weekly and monthly intervals change the way teams interpret credential-risk movement
- How CSV export and presentation graphics are used to communicate progress to leadership
- How the update fits into Bitwarden's existing Access Intelligence workflow
👉 Read Bitwarden's update on risk-over-time reporting for Access Intelligence →
Credential risk trends over time: what IAM teams need to measure?
Explore further
Trend visibility is now part of credential governance, not just reporting. When identity teams can see whether risk is rising or falling over time, they move from reactive cleanup to programme management. That shift matters because credential exposure is a lifecycle problem, not a single-event problem. The practitioner conclusion is that governance maturity now depends on proving direction of travel, not merely identifying outliers.
A few things that frame the scale:
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly one identity failure can repeat across environments.
A question worth separating out:
Q: How do identity teams turn credential-risk reporting into executive value?
A: They translate remediation activity into measurable business outcomes, such as reduced exposure, fewer critical risks, and clearer accountability. Executive value comes from showing direction of travel and linking that movement to lower breach likelihood, not from presenting raw technical data alone.
👉 Read our full editorial: Risk over time reporting changes credential governance for enterprises