Vectra Identity Exposure Calculator

Calculate Your Organization’s Identity Exposure Risk

Did you know...

90%

of organizations have experienced an  identity breach.

90%

of those organizations had multi-factor authentication (MFA) in place.

Tell us about your organization to see how we can help

Enter the number of employees at your organization

Thank you! Your submission has been received!

Did you know you have 3x identities for every employee?

User Accounts

Machine/Service Accounts

Which means you have this many identities to protect:

Calculating...

You might say “We have MFA” but...

MFA is used by less than two-thirds (64%) of users.

That means 36% of users can't or don't use MFA.

Plus, MFA cannot be installed on Machine/Service accounts.

So, even with MFA, attackers have at least this many ways of infiltrating your organization:

Calculating...

Attackers only need one to be successful.

When an attacker compromises any one user, machine/service account, the potential impact can cost up to:

$4.76M

Take the next step to reduce identity exposure at your organization

Detect attackers the moment they compromise, hunt for the ones that are already in.

Schedule an Identity Exposure Gap Analysis

Find out more about ITDR

How your estimate was calculated

The Vectra Identity Exposure Calculator is based on the following formulas and findings:

‍

Total number of identities = Number of employees x 3

(Based on Vectra AI's customer database observations, the total number of identities — both human and machine — is at least 3x the number of employees.)

‍

Number of identities exposed to attackers = Number of total identities x 36%

(Based on the finding that 64% of users authenticate with MFA per Okta)

‍

Additional sources:

90% of breached organizations had MFA in place (Kroll)
The average cost of a data breach in 2023 was USD$4.76M for phishing, USD$4.62M for stolen or compromised credentials, USD$4.67M for business email compromises, and USD$4.55M for social engineering. (IBM)
90% of organizations have experienced an identity breach (IDSA)

Legal disclaimer

Accuracy of Information: The Tool is provided for informational purposes only. While we strive to ensure the accuracy and reliability of the information provided, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability of the information contained in the Tool. Any reliance you place on such information is therefore strictly at your own risk.

‍

No Legal Advice: The information provided by the Tool is not intended to constitute legal advice. You should not rely on the information provided by the Tool as an alternative to legal advice from a qualified professional. You should consult with a competent legal professional for specific advice tailored to your situation.

No Endorsement: Reference in the Tool to any specific commercial product, process, or service does not constitute or imply an endorsement or recommendation by us.

Third-Party Websites: The Tool may contain links to third-party websites that are not owned or controlled by us. We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party websites. By using the Tool, you expressly relieve us from any and all liability arising from your use of any third-party website.

Modification of Terms: We reserve the right to modify these terms and conditions at any time without prior notice. Your continued use of the Tool following any such modification constitutes your acceptance of the modified terms.

Governing Law: These terms and conditions shall be governed by and construed in accordance with California law without regard to its conflict of law principles.

By using the "Calculate Your Organization’s Identity Exposure Risk" tool, you acknowledge that you have read, understood, and agree to be bound by these terms and conditions. If you do not agree to these terms and conditions, you should not use the Tool.

Explore more Identity Exposure Resources

Learn how attackers bypass prevention — and how Vectra AI can guide you in conducting a Red Team exercise to understand your identity exposure.

Infographic

Different Ways Attackers Can Bypass Prevention

Identity is the new perimeter for both defenders and attackers, see how attackers bypass prevention such as MFA and endpoint protection.

Download

Blog

Vectra AI Threat Briefing: Scattered Spider

Learn who the attack group Scattered Spider is, how they operate, and how your organization can defend against their tactics with Vectra AI.

Learn more

Vectra AI Attack Labs

Unveiling the Threat: Defending Against MFA Bypass Attacks

Join us for an expert-led webinar as we explore the anatomy of an MFA bypass attack and unveil new vulnerabilities.

Watch on demand

Blog

Vectra ITDR Finds Identity Attacks Other Tools Can’t

Vectra AI finds attacks others miss across Network Active Directory, Entra ID (Azure AD) and cloud identity.

Learn more

Blog

You Should Get MAAD-AF About Emulating Attacks

Security teams need the right Red Team tools to understand gaps and ensure proper visibility.

Learn more

Ebook

Breakdown of Emerging Hybrid Attacker Methods

See how real attackers gain access with plans to progress, and where security teams can prioritize their tactics before it’s too late.

Download