Cerby, Ponemon: 77% Face Attacks from Disconnected Apps

New research shows disconnected applications lead to cyber incidents, audit failures and rising operational costs, as identity gaps widen

Cerby, in conjunction with The Ponemon Institute, today published a new research report, “The Hidden Cybersecurity Threat: Disconnected Apps,” revealing that critical gaps in identity coverage are actively exposing enterprises to increased cyber risk and audit failures. Researchers found that 77% of organizations experienced at least one cybersecurity incident due to the inability to secure disconnected applications. Among those reported incidents, 44% suffered financial loss, 31% faced regulatory scrutiny and nearly 50% experienced exposure of sensitive or confidential data.

Based on a survey of 614 IT and security leaders, the report underscores major vulnerabilities surrounding disconnected apps — business applications that are not fully integrated with an organization’s identity systems. This class of applications has long been overlooked, with security teams treating them as edge cases or low-priority exceptions within otherwise mature identity programs. This creates a significant and often underestimated risk surface that is growing in prevalence.

The data shows that disconnected apps are widespread and deeply embedded in core day-to-day operations. On average, 30% of enterprise applications sit outside centralized identity systems, and 40% of such applications are business-critical, supporting core workflows, housing sensitive data and granting privileged access. In a typical enterprise environment of 284 applications, that equates to more than 80 applications operating outside the identity control plane. More than half of respondents report that the number of disconnected apps in their environment is growing.

“This is quickly becoming a compounding problem for security teams,” said Matt Chiodi, chief strategy officer at Cerby. “Disconnected applications are increasing in number and importance, but they remain outside the reach of core identity controls. This growth without governance is driving real-world incidents, audit failures and a widening gap between perceived and actual security.”

Key Findings From The Hidden Cybersecurity Threat: Disconnected Apps:

  • 63% of organizations report failing an internal or external audit at least once due to gaps in securing disconnected applications. Of those organizations, 36% failed more than once.
  • 87% of respondents say their organization has adopted AI or GenAI in some capacity, which is driving the rise in disconnected apps. More than half report that this adoption lacks oversight from IT or security.
  • 34% said incidents involving disconnected applications included social media platforms such as X (formerly Twitter), Meta, LinkedIn or Instagram.
  • 63% of identity leaders agree or strongly agree that disconnected applications represent one of the largest remaining gaps in their IAM program.

Future Outlook for Enterprise Cyber Risk Exposure

As application environments expand, the disconnected layer is growing faster than identity systems can keep up. Without a scalable way to extend controls beyond the connected layer, the gap is widening, leaving an increasing number of business-critical applications outside centralized security and governance. The result: more frequent, higher-impact security breaches, greater operational risk and escalating compliance costs.

To close the identity gap, organizations must stop treating disconnected applications as exceptions and start treating them as a core part of their identity strategy. They must redefine their identity scope based on risk (not just on what can be integrated), gain full visibility into unmanaged applications, and extend controls such as credential management, MFA and lifecycle automation to systems that fall outside traditional identity frameworks. It is also crucial to eliminate manual provisioning and audit processes so that access is consistently governed and continuously auditable across the entire environment.

GlobeNewswire
