Disconnected Apps Pose Growing Cybersecurity Risk, New Research Reveals
A new report by Cerby and the Ponemon Institute, "The Hidden Cybersecurity Threat: Disconnected Apps," highlights a critical but often overlooked vulnerability in enterprise security: applications operating outside centralized identity systems. Based on a survey of 614 IT and security leaders, the findings reveal that 77% of organizations have experienced at least one cybersecurity incident due to unsecured disconnected apps, with nearly half (49%) exposing sensitive data, 44% incurring financial losses, and 31% facing regulatory scrutiny.
Disconnected apps, business-critical tools not integrated with identity and access management (IAM) systems, account for 30% of all enterprise applications, with 40% of them supporting core workflows and storing privileged data. In a typical organization with 284 apps, this translates to over 80 applications operating beyond identity controls. Alarmingly, 50% of respondents report an increase in disconnected apps, driven in part by the rapid adoption of AI and GenAI tools, many of which lack IT or security oversight.
The report also found that 63% of organizations failed an internal or external audit due to gaps in securing these apps, with 36% failing multiple times. Social media platforms like X, Meta, LinkedIn, and Instagram were cited in 34% of incidents, underscoring the risks of unmanaged third-party integrations. Meanwhile, 63% of identity leaders acknowledge disconnected apps as one of the largest remaining gaps in their IAM programs.
As application environments expand faster than identity systems can adapt, the report warns of a widening security gap, leading to higher breach frequency, operational risks, and rising compliance costs. The findings emphasize the need for organizations to treat disconnected apps as a core part of their identity strategy, extending controls like MFA, credential management, and lifecycle automation to unmanaged systems. Without scalable solutions, the growing disconnect between identity governance and business-critical applications will continue to expose enterprises to preventable threats.
Ponemon Institute cybersecurity rating report: https://www.rankiteo.com/company/ponemon-institute
Cerby cybersecurity rating report: https://www.rankiteo.com/company/cerby
"id": "PONCER1775666009",
"linkid": "ponemon-institute, cerby",
"type": "Vulnerability",
"date": "4/2026",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'type': 'Enterprise organizations'}],
'attack_vector': 'Unsecured disconnected apps',
'data_breach': {'sensitivity_of_data': 'High (privileged data)',
'type_of_data_compromised': 'Sensitive data, privileged data'},
'description': 'A new report by Cerby and the Ponemon Institute highlights a '
'critical but often overlooked vulnerability in enterprise '
'security: applications operating outside centralized identity '
'systems. The findings reveal that 77% of organizations have '
'experienced at least one cybersecurity incident due to '
'unsecured disconnected apps, with nearly half exposing '
'sensitive data, incurring financial losses, and facing '
'regulatory scrutiny.',
'impact': {'data_compromised': '49% of incidents exposed sensitive data',
'financial_loss': '44% of incidents incurred financial losses',
'legal_liabilities': '31% of incidents faced regulatory scrutiny',
'operational_impact': 'Core workflows disrupted (40% of '
'disconnected apps support core workflows)',
'systems_affected': 'Disconnected apps (30% of all enterprise '
'applications)'},
'lessons_learned': 'Disconnected apps represent a core gap in IAM programs '
'and require scalable solutions to extend identity '
'controls to unmanaged systems.',
'post_incident_analysis': {'corrective_actions': 'Extend identity controls to '
'disconnected apps, improve '
'audit compliance',
'root_causes': 'Rapid adoption of AI/GenAI tools '
'without IT/security oversight, '
'lack of integration with IAM '
'systems'},
'recommendations': 'Treat disconnected apps as part of the identity strategy, '
'implement MFA, credential management, and lifecycle '
'automation for unmanaged systems.',
'references': [{'source': "Cerby and Ponemon Institute Report: 'The Hidden "
"Cybersecurity Threat: Disconnected Apps'"}],
'regulatory_compliance': {'legal_actions': '31% of incidents faced regulatory '
'scrutiny',
'regulatory_notifications': '63% of organizations '
'failed an internal or '
'external audit due to '
'gaps in securing '
'disconnected apps'},
'response': {'remediation_measures': 'Extend controls like MFA, credential '
'management, and lifecycle automation to '
'unmanaged systems'},
'title': 'Disconnected Apps Pose Growing Cybersecurity Risk',
'type': 'Data Exposure',
'vulnerability_exploited': 'Lack of integration with identity and access '
'management (IAM) systems'}