Account Hygiene
Health of user accounts and access management practices.
Current Value
92%
+3% from previous period
Industry average: 78%
Calculation Method
Composite score based on privileged account reviews, MFA coverage, dormant accounts, access certification completion, segregation of duties violations, and password policy compliance.
Significance
This KPI assesses the overall health of your identity and access management program. Well-maintained account hygiene reduces the attack surface by minimizing stale or excessive privileges.
Definition
Account Hygiene is a measure of how well your organization manages identities and associated access privileges throughout their lifecycle. It considers access governance processes, authentication practices, privileged access management, and adherence to least privilege principles.
Significance
Compromised accounts and excessive privileges are leading factors in security breaches. According to industry research, over 80% of breaches involve compromised credentials or privilege abuse.
This KPI helps organizations identify weaknesses in their identity management processes that could create attack pathways, such as dormant accounts, excessive privileges, missing MFA, or incomplete access reviews.
Calculation Method
Composite score factoring in:
- Privileged account review coverage and frequency (25%)
- MFA deployment coverage for critical systems (20%)
- Dormant account identification and remediation (15%)
- Access certification completion rate (15%)
- Segregation of duties violation rate (15%)
- Password policy compliance (10%)
Benchmark
Industry average: 78% account hygiene score
Best practice targets: >95% account hygiene score; 100% MFA coverage for privileged accounts; <2% dormant account ratio