As Told By Adopters: YubiKeys’ ROI

The need for security is non-negotiable. It remains a top priority universally – online, offline, on vacation or at home. With more workers signing on in a variety of locations these days enterprises remain at risk of compromising sensitive data via phishing and stolen credentials. 

Yubico’s YubiKeys, hardware-based phishing-resistant multi-factor authentication (MFA) solutions, exist to reduce such risk. Yubico commissioned Forrester Consulting to evaluate the potential financial impact of deploying YubiKeys. We interviewed five of their enterprise customers (across manufacturing, energy, transportation, media and B2B technology industries) and summarized the results via a composite framework in the newly released study “The Total Economic Impact™ of Yubico YubiKeys.” 

Infrastructure and staffing required to protect against breaches demands a significant investment – the study does not discount this. Yet, the findings also do not understate the cost of a security breach exposure, especially when employees, users and partners are counting on an organization to keep their data and authentication secure. 

YubiKeys delivered a risk-adjusted three-year return on investment of 203% and a payback period of 11 months.

What comprises the 203%? YubiKeys significantly reduces risk exposure to theft attacks. Those interviewed stated a 99.9% risk reduction of phishing and credential threat attacks, virtually eliminating social engineering. Moreover, we were able to find that the sum of all other benefits (to be discussed below) alone outweighs the cost over a three-year period. These additional benefits met the common challenges shared among our interviewed organizations, a portion of which previously used alternate MFA solutions.

So, what are those added benefits? Here’s a snapshot:

#1: Improved reputation and ability to win security-related contracts

Through active promotion of YubiKeys during prospect calls, several organizations gained access to new clients with high-security requirements consequently increasing profit from improved reputability. The study attributes 50% of revenue from better deal conversions to YubiKeys.

#2: Security operations efficiency labor savings

By simplifying password policies and reducing policy management, organizations reallocated time for their DevSecOps employees to higher value tasks.  

#3: Help desk support savings

Not only did DevSecOps save time, the IT help desk saw a 75% reduction in password-related help desk tickets after YubiKey adoption. 

#4: Improved end-user productivity

Thanks to YubiKeys, customers no longer needed to memorize passwords and meet stringent requirement processes; instead, they appreciated the simplicity (and time savings) of tapping the YubiKey to enter their system. The study finds half an hour saved per employee per password update and two hours saved per password reset. 

Yet, this isn’t all we heard. 

Some benefits aren’t quantifiable but are equally important. Customers lean on YubiKeys for an improved employee experience (goodbye legacy hardware frustration), flexible purchasing with YubiEnterprise Subscription and for an extensive built-in partner and vendor ecosystem. This allows customers to share what’s working and what’s not with others on their MFA journeys. Those interviewed stressed the ability to leverage open standards for MFA, adapting as the industry evolves. When it comes to security, the only “us vs them” ought to be enterprises against hackers, right?

The decision to choose YubiKeys cannot be attributed to a single factor. A Product owner of authentication in the manufacturing industry states: 

“We chose Yubico for a few reasons. … We like the flexibility of the various tokens with USB-A, USB-C, [Lightning, and NFC]. … We like that they have a lot of different ways you can utilize them. We can utilize them as an event driven token, an HOTP token with a button press, or basically as a static password similar to a security card.”     

 An IT product manager, media and communications industry adds:

“[YubiEnterprise Subscription] lets us choose. Over time, we went with a YubiKey 5C NFC, which is what we were looking for to get the combination. But if we were to branch it out into other types of keys we were offering [to users], it would be very easy for us to add that then.”

Finally, within the media and communications industry, the same IT product manager recounts: 

“Our decision to go with YubiKeys was the enterprise distribution platform and the ability to do sort of point-to-point distribution. We chose a model that met our needs and could do the fulfillment.”

After all, it’s purposefully built as a solution that is NOT a one-size-fits-all product. Authentication is yours, and yours alone. To read more about the path to a passwordless future, and to let the customers speak for themselves, check out: “The Total Economic Impact™ of Yubico YubiKeys.”

————————

Editor Note: For more information on the Forrester report: The Total Economic Impact of Yubico YubiKeys, be sure to join our webinar on October 11 at 9 a.m. PT. 

Talk to our teamTalk to our team

Share this article:


  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless
  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard