The need for security is non-negotiable. It remains a top priority universally – online, offline, on vacation or at home. With more workers signing on in a variety of locations these days enterprises remain at risk of compromising sensitive data via phishing and stolen credentials.
Yubico’s YubiKeys, hardware-based phishing-resistant multi-factor authentication (MFA) solutions, exist to reduce such risk. Yubico commissioned Forrester Consulting to evaluate the potential financial impact of deploying YubiKeys. We interviewed five of their enterprise customers (across manufacturing, energy, transportation, media and B2B technology industries) and summarized the results via a composite framework in the newly released study “The Total Economic Impact™ of Yubico YubiKeys.”
Infrastructure and staffing required to protect against breaches demands a significant investment – the study does not discount this. Yet, the findings also do not understate the cost of a security breach exposure, especially when employees, users and partners are counting on an organization to keep their data and authentication secure.
YubiKeys delivered a risk-adjusted three-year return on investment of 203% and a payback period of 11 months.
What comprises the 203%? YubiKeys significantly reduces risk exposure to theft attacks. Those interviewed stated a 99.9% risk reduction of phishing and credential threat attacks, virtually eliminating social engineering. Moreover, we were able to find that the sum of all other benefits (to be discussed below) alone outweighs the cost over a three-year period. These additional benefits met the common challenges shared among our interviewed organizations, a portion of which previously used alternate MFA solutions.
So, what are those added benefits? Here’s a snapshot:
#1: Improved reputation and ability to win security-related contracts
Through active promotion of YubiKeys during prospect calls, several organizations gained access to new clients with high-security requirements consequently increasing profit from improved reputability. The study attributes 50% of revenue from better deal conversions to YubiKeys.
#2: Security operations efficiency labor savings
By simplifying password policies and reducing policy management, organizations reallocated time for their DevSecOps employees to higher value tasks.
#3: Help desk support savings
Not only did DevSecOps save time, the IT help desk saw a 75% reduction in password-related help desk tickets after YubiKey adoption.
#4: Improved end-user productivity
Thanks to YubiKeys, customers no longer needed to memorize passwords and meet stringent requirement processes; instead, they appreciated the simplicity (and time savings) of tapping the YubiKey to enter their system. The study finds half an hour saved per employee per password update and two hours saved per password reset.
Yet, this isn’t all we heard.
Some benefits aren’t quantifiable but are equally important. Customers lean on YubiKeys for an improved employee experience (goodbye legacy hardware frustration), flexible purchasing with YubiEnterprise Subscription and for an extensive built-in partner and vendor ecosystem. This allows customers to share what’s working and what’s not with others on their MFA journeys. Those interviewed stressed the ability to leverage open standards for MFA, adapting as the industry evolves. When it comes to security, the only “us vs them” ought to be enterprises against hackers, right?
The decision to choose YubiKeys cannot be attributed to a single factor. A Product owner of authentication in the manufacturing industry states:
“We chose Yubico for a few reasons. … We like the flexibility of the various tokens with USB-A, USB-C, [Lightning, and NFC]. … We like that they have a lot of different ways you can utilize them. We can utilize them as an event driven token, an HOTP token with a button press, or basically as a static password similar to a security card.”
An IT product manager, media and communications industry adds:
“[YubiEnterprise Subscription] lets us choose. Over time, we went with a YubiKey 5C NFC, which is what we were looking for to get the combination. But if we were to branch it out into other types of keys we were offering [to users], it would be very easy for us to add that then.”
Finally, within the media and communications industry, the same IT product manager recounts:
“Our decision to go with YubiKeys was the enterprise distribution platform and the ability to do sort of point-to-point distribution. We chose a model that met our needs and could do the fulfillment.”
After all, it’s purposefully built as a solution that is NOT a one-size-fits-all product. Authentication is yours, and yours alone. To read more about the path to a passwordless future, and to let the customers speak for themselves, check out: “The Total Economic Impact™ of Yubico YubiKeys.”
Editor Note: For more information on the Forrester report: The Total Economic Impact of Yubico YubiKeys, be sure to join our webinar on October 11 at 9 a.m. PT.