This year’s revelation that a security breach at TK Maxx-owner TJX had allowed hackers to access 45 million customer card details should have brought home to organisations the importance of protecting IT systems against attacks that could expose sensitive data. But despite a growing awareness among firms that it only takes one security slip-up to ruin a reputation and tarnish a brand, it seems there’s still a queue of organisations waiting to become the next victim.

With the TJX case still fresh in the memory, eBay, Monster and Gap all recently added their names to the security breach list of shame. Clothing giant Gap became the latest to join the list after a laptop containing the personal details of 800,000 job applicants was stolen from the offices of a third-party contractor.

Clearly, the threat of brand damage and financial penalties is not enough to encourage many firms to upgrade their security systems to better protect user identities and sensitive information. As shown by the charts below, which are based on the findings of a recent report carried out by Freeform Dynamics on behalf of management software vendor CA, some organisations are failing to correlate the need to protect sensitive data with investment in identity management systems.

Of 715 senior IT managers surveyed across Europe and the Middle East, over a quarter said their firm had no plans to deploy identity and provisioning systems, while 22 per cent said they could not see the benefit of deploying integrated IT and physical security procedures for managing employee identities across their lifecycle.

These figures are surprising in light of the growing pressure on firms to stay out of the headlines by improving protection of sensitive data and user identities ­ especially across Europe, where the threat of security breach notification legislation is hanging heavy over organisations. But the figures become more alarming still when you take into account the average size of company the respondents work at. The firms in question are not small outfits with extremely limited IT resources ­ 45 per cent of the respondents work at firms with between 500 and 5,000 employees, while the remaining 55 per cent are at organisations with more than 5,000 staff.

So if the threat of financial losses, tougher laws and bad publicity aren’t enough to emphasise the importance of advanced security systems, maybe it’s time for a different tack ­ one that focuses on the benefits to be gained from identity management investments, rather than on the potential negative repercussions of data breaches.

Federated identity systems, which provide users with one digital identity that they can use to authenticate themselves across multiple internal and external platforms, are a good example of a security solution with many beneficial spin-offs for businesses. The initial drivers for identity federation are likely to be based on firms’ traditional IT security priorities, such as ensuring only the right people get access to data and protecting against sensitive information leaks. But this federated approach can also help firms to gain a competitive advantage by offering customers a better user experience and by making use of additional cross-selling opportunities. Perhaps, if the threat of financial losses isn’t argument enough, a revenue-generating aspect will highlight to firms the value of investments in advanced security and identity systems.