Cyberattack exposure in hybrid environments: what IAM teams need

TL;DR: 79% of organisations suffered a cyberattack in the last 12 months, while 45% of attacked organisations faced unplanned expenses to close security gaps, according to Netwrix Research Lab’s survey of 1,309 IT professionals across 104 countries. The data shows hybrid security is still being outpaced by attacker pressure and slow control maturity.

NHIMG editorial — based on content published by Netwrix: 2024 Hybrid Security Trends Report

By the numbers:

• 79% of organizations suffered a cyberattack within the last 12 months, up from 68% in 2023.
• 45% of attacked organizations faced unplanned expenses to address security gaps.
• 62% of organizations have a cyber insurance policy or plan to purchase one within 12 months, up from 59% in 2023.

Questions worth separating out

Q: How should security teams reduce identity risk in hybrid environments?

A: Security teams should start by inventorying identities, privileges, and session paths across cloud, on-premises, and remote access layers.

Q: Why do cyberattacks in hybrid environments so often become expensive?

A: They become expensive because identity evidence is fragmented, so teams spend time proving what happened before they can contain it.

Q: What do organisations get wrong about cyber insurance and identity security?

A: They often treat insurance as a substitute for control maturity.

Practitioner guidance

• Unify identity governance across hybrid estates Build one entitlement inventory that covers cloud, on-premises, remote access, and third-party accounts so teams can see privilege relationships in a single control view.
• Prioritise access evidence for incident containment Make access logs, session records, and account provenance searchable within the same response workflow so investigators can identify scope before recovery costs expand.
• Review standing privilege in cloud and remote workflows Focus on always-on admin rights, long-lived tokens, and service accounts that remain valid across business changes, then remove unnecessary persistence wherever possible.

What's in the full report

Netwrix's full report covers the operational detail this post intentionally leaves for the source:

• Breakdowns of security incidents and their business consequences across the survey sample.
• Historical comparison data from 2023, 2022, and 2020 showing how the trend has shifted over time.
• Commentary from Netwrix security researchers on where organisations are still under-investing in security effort.
• Cyber insurance adoption patterns that help benchmark how peer organisations are responding.

👉 Read Netwrix's 2024 hybrid security trends report →

Cyberattack exposure in hybrid environments: what IAM teams need?

Explore further

View Full Forum →  |  NHI Foundation Course →