Orphaned User Accounts Are a Bigger Risk Than We Realize

Ryan in hotel room

A friend of mine who recently switched jobs.

I receive my fair share of PR pitches for surveys, analyst reports, and experts offering their opinion. Mostly, I pass–I prefer to post news, not opinions.

But with over 100,000 tech employees laid off recently, this survey about orphaned user accounts–accounts left active when an employee moves on–seemed particularly timely.

Risk=probability*consequences. While the probability of someone maliciously accessing data seems low, 15% of the respondents reported this happening. And the consequences can be serious.

Symark International surveyed more than 850 security, IT, HR and C-level executives across all industries.


42 percent of businesses do not know how many orphaned accounts exist within their organization.

30 percent of respondents said they have no procedure in place to locate orphaned accounts.

Approximately 27 percent of respondents said that more than 20 orphaned accounts currently exist within their organization.

More than 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month.

More than 38 percent of respondents said that they had no way of determining whether a current or former employee used an orphaned account to access information, while 15 percent said that this has occurred at least once.

More details.