This means that most companies treat the security of applications that are their lifeblood exactly the same as, say, their internal holiday booking system. This has to be wrong.

The reality is that perimeter security is no longer what businesses should be prioritizing and with Forrester estimating that 80% of data breaches involve compromised privileged credentials, businesses need to rethink their strategies. Companies should always assume that the hacker is already in, as our research shows: nearly 56% of large organizations in EMEA have experienced an incident that resulted in data loss, integrity issues and service disruptions affecting business-critical applications in the last two years, while only a third (34%) of organizations hadn’t faced any incidents over the last 24 months that affected them.

It’s time for businesses to consider their organizational risk as a whole. Perimeter security alone is no longer enough, and businesses need to build up from the assumption that the hacker is already in. This means their security policies need to embed layered protection across all areas of the enterprise: from endpoints, on-premises and cloud security to SaaS and vaulting privileged accounts.

The message is clear: businesses should focus on minimizing the damage that can be done to key applications so they can continue to run seamlessly even in the event of a breach. The days of generic security policies are over.