Losing your company passwords could cost you millions each year


Failing to keep company secrets such as credentials, API tokens and SSH keys secure is costing organizations millions each year, according to a new report from the business password management company 1Password.

After launching its Secrets Automation offering back in April, the company decided to survey 500 IT and DevOps businesses in the US to learn more about how they secure the secrets that power their digital infrastructure in order to compile its new “Hiding in Plain Sight” report.

The high-tech ecosystems used by today's businesses involve thousands of vulnerable secrets which are often spread out across multiple services with little or no visibility or auditability. To avoid falling victim to a data breach, these secrets must be encrypted and delivered to machines and services safely. 

However, 1Password's report shows there is still a lot of progress to be made when it comes to securing secrets. Of the companies surveyed, 80 percent admit to not managing their secrets well, with 52 percent of IT and DevOps workers citing the rapid growth of cloud computing apps as the main reason secrets have become more difficult to manage in recent years.

Risk of a data breach

Organizations that lack a dedicated secrets management solution or framework are left to deal with secrets in a haphazard manner and, as a result, end up spending 25 minutes per day on secrets management alone, at a collective cost of $8.5bn per year.

According to 1Password, though, the greater threat is the increasing danger of organizations having their secrets exposed in a data breach. Of the organizations surveyed, 60 percent have experienced secrets leakage of some kind, and more than three in four IT and DevOps workers still have access to their former employer's infrastructure secrets. Losing secrets can be quite costly for organizations, with enterprise businesses spending an average of 1.2m each year due to leaked details.

Secrets sprawl is another big concern, as 25 percent of respondents have secrets located in 10 or more different locations. To make matters worse, 50 percent of individual contributors in IT or DevOps roles say they don't know how many different locations their secrets can be found in, as there are too many to count.

CEO of 1Password Jeff Shiner provided further insight on the company's report and the current state of secrets management in a press release, saying:

"Secrets are now the lifeblood for IT and DevOps as they seek to support the explosion of apps and services now required in the modern enterprise. Our research reveals that secrets are booming, but IT and DevOps teams are not meeting rigorous standards to protect them -- and in the process are putting organizations at risk of incurring tremendous cost. It's time for companies to take a hard look at how they manage secrets, and adopt practices and solutions to  'put the secret back into secrets' to support a culture of security." 

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
