Overall Risk Score: 73/100 (↑ 8 points vs last month)
Financial Risk Exposure: $2.4M (Estimated breach cost)
Critical Identities at Risk: 247 (↓ 12 vs last week)
Avg Time to Compromise: 4.2 hrs (For privileged accounts)

Risk Distribution Across Your Organization

Critical: 24
High: 87
Medium: 342
Low: 1,246

Top 5 Business-Critical Risks

🎯 SVC_BACKUP - Domain Admin with 620-day-old password
Critical
Service account with Domain Admin privileges, weak password (RC4-encrypted), no MFA. Compromising this account would affect 2,147 identities across all platforms.
Blast Radius: 2,147 identities
Time to Compromise: 4-6 hours
Financial Impact: $2.4M
Remediation ROI: 92% → 15% risk
🔓 37 Finance users without MFA enforcement
Critical
Finance department users with access to sensitive financial systems lack MFA protection. Single credential compromise could lead to fraud or data exfiltration.
Affected Users: 37
Systems at Risk: ERP, Banking
Financial Impact: $800K
Remediation Time: 15 minutes
👻 142 dormant accounts with active privileges
High
User accounts inactive for 90+ days still retain privileged access to production systems. These are prime targets for credential stuffing and persistence attacks.
Dormant Period: 90-365 days
Privilege Level: 64 with admin rights
Attack Vector: Credential stuffing
Remediation: Disable or remove
🔗 Kerberos delegation enabled on 18 service accounts
High
Service accounts with unconstrained Kerberos delegation allow attackers to impersonate any user to any service, enabling lateral movement and privilege escalation.
Affected Accounts: 18
Attack Type: Kerberos delegation abuse
Time to Exploit: <15 minutes
Recommendation: Constrained delegation only
☁️ Azure AD/Entra mismatch: 234 identities out of sync
High
Identities with different privilege levels between on-premises AD and Azure AD/Entra. Creates authorization bypass opportunities and compliance gaps.
Out of Sync: 234 identities
Impact: Privilege escalation path
Compliance Risk: SOX, SOC 2
Remediation: Sync or decouple
Compliance Framework Status
SOC 2 Type II: 87%
Status: 13 controls remaining
Priority: Audit logging retention (2555 days)
Next Audit: March 2026
GDPR: 92%
Status: 8 requirements remaining
Priority: Right to be forgotten automation
Data Retention: 30 days (configured)
ISO 27001: 74%
Status: 26 controls remaining
Priority: Access control documentation
Next Review: January 2026
NIST CSF: 83%
Status: 17 subcategories remaining
Priority: Respond & Recover functions
Maturity Level: Level 3 (Repeatable)

Remediation Investment ROI

Potential Breach Cost (Current Risk): $2.4M
Remediation Investment (All Critical + High): $180K
Return on Investment (Risk Reduction): 13.3x
Time to Full Remediation (With Automation): 6 weeks

Recommendation: Prioritize remediation of 24 critical risks first (2 weeks, $45K investment). This reduces overall risk score from 73 to 52 and lowers breach probability by 68%.