TL;DR: Verizon’s Breach Impact Study found median breach impact rose about 80% between 2019 and 2024, while business interruption became the largest loss category and software supply chain incidents reached a median impact of roughly $252,000, according to Enzoic’s analysis of the report. Identity exposure is no longer just an access problem; it is a business interruption problem that IAM, PAM, and NHI teams have to treat as one control surface.
NHIMG editorial — based on content published by Enzoic: Understanding Modern Breach Impact and identity exposure
By the numbers:
- The median breach impact increased approximately 80% between 2019 and 2024.
- Business interruption losses increased from 21% of known losses in 2023 to 32% in 2024, representing a 51% increase in just one year.
- In the most severe SMB incidents, losses exceeded 7% of annual revenue.
Questions worth separating out
Q: How should security teams reduce breach impact from exposed credentials?
A: Start by ranking exposed credentials by the business services they can reach, not just by privilege labels.
Q: Why do compromised identities increase business interruption risk?
A: Because valid credentials let attackers act like authorised users, which means they can disable systems, alter workflows, or interrupt vendor-dependent processes without immediately triggering obvious alarms.
Q: What do teams get wrong about third-party access risk?
A: They often treat third-party access as a contract issue instead of an identity issue.
Practitioner guidance
- Tie identity telemetry to business interruption exposure Classify credentials, tokens, and partner-linked accounts by the service disruption they could create if abused.
- Review third-party access as a loss driver Inventory vendor, contractor, and software-linked identities that can reach production systems or shared workflows.
- Reduce the lifetime of exposed credentials Set explicit response paths for passwords, API keys, tokens, and certificates found in breach feeds or infostealer telemetry.
What's in the full article
Enzoic's full article covers the operational detail this post intentionally leaves for the source:
- The way Enzoic connects Verizon's DBIR access findings to the Breach Impact Study's loss categories and claim data.
- The breakdown of business interruption, BEC, and third-party loss patterns that practitioners can use for internal reporting.
- The article's discussion of identity exposure as the bridge between initial compromise and downstream operational cost.
- The source analysis linking compromised credentials, vendor relationships, and breach severity across multiple incident types.
👉 Read Enzoic’s analysis of identity exposure and modern breach impact →
Credential abuse and business interruption: what IAM teams need to know?
Explore further
Identity exposure has become a breach impact control, not just an access control. The article’s central value is that it links initial access mechanics to financial outcomes, which is where many IAM programmes still break their reporting model. When exposed credentials survive long enough to be abused, the loss is measured in downtime, recovery cost, and business interruption. Practitioners should treat identity exposure as a leading indicator of incident severity.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when credential abuse leads to operational loss?
A: Accountability sits with the teams that own identity lifecycle, privileged access, and business continuity together. If an exposed credential can stop a core service, the responsibility is shared across IAM, security operations, and the application or vendor owner. The control gap is often fragmented ownership rather than a single failed system.
👉 Read our full editorial: Identity exposure is driving breach impact more than teams realise