Vectra Identity Exposure Calculator

Calculate Your Organization’s Identity Exposure Risk

Did you know...
of organizations have experienced an 
identity breach.
of those organizations had multi-factor authentication (MFA) in place.

Tell us about your organization to see how we can help

Enter the number of employees at your organization
Thank you! Your submission has been received!

Did you know you have 3x identities for every employee?

User Accounts
Machine/Service Accounts

Which means you have this many identities to protect:


You might say “We have MFA” but...

MFA is used by less than two-thirds (64%) of users.
That means 36% of users can't or don't use MFA.
Plus, MFA cannot be installed on Machine/Service accounts.

So, even with MFA, attackers have at least this many ways of infiltrating your organization:


Attackers only need one to be successful.

When an attacker compromises any one user, machine/service account, the potential impact can cost up to:

Take the next step to reduce identity exposure at your organization

Detect attackers the moment they compromise, hunt for the ones that are already in.

How your estimate was calculated

The Vectra Identity Exposure Calculator is based on the following formulas and findings:

Total number of identities = Number of employees x 3 

(Based on Vectra AI's customer database observations, the total number of identities — both human and machine — is at least 3x the number of employees.)

Number of identities exposed to attackers = Number of total identities x 36%

(Based on the finding that 64% of users authenticate with MFA per Okta)

Additional sources:

  • 90% of breached organizations had MFA in place (Kroll)
  • The average cost of a data breach in 2023 was USD$4.76M for phishing, USD$4.62M for stolen or compromised credentials, USD$4.67M for business email compromises, and USD$4.55M for social engineering. (IBM)
  • 90% of organizations have experienced an identity breach (IDSA)

Legal disclaimer

Accuracy of Information: The Tool is provided for informational purposes only. While we strive to ensure the accuracy and reliability of the information provided, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability of the information contained in the Tool. Any reliance you place on such information is therefore strictly at your own risk.

No Legal Advice: The information provided by the Tool is not intended to constitute legal advice. You should not rely on the information provided by the Tool as an alternative to legal advice from a qualified professional. You should consult with a competent legal professional for specific advice tailored to your situation.


No Endorsement: Reference in the Tool to any specific commercial product, process, or service does not constitute or imply an endorsement or recommendation by us.


Third-Party Websites: The Tool may contain links to third-party websites that are not owned or controlled by us. We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party websites. By using the Tool, you expressly relieve us from any and all liability arising from your use of any third-party website.


Modification of Terms: We reserve the right to modify these terms and conditions at any time without prior notice. Your continued use of the Tool following any such modification constitutes your acceptance of the modified terms.


Governing Law: These terms and conditions shall be governed by and construed in accordance with California law without regard to its conflict of law principles.


By using the "Calculate Your Organization’s Identity Exposure Risk" tool, you acknowledge that you have read, understood, and agree to be bound by these terms and conditions. If you do not agree to these terms and conditions, you should not use the Tool.