"Who Had Access?" Can Cost You Millions

After a breach, regulators will ask, "Who had access?" Learn how Privileged Access Management (PAM) provides the definitive answer and protects your business from massive fines.
Oct 07, 2025

The Regulator's First Question: "Who Had Access?" Why Your Answer Will Define Everything.

Source: Trescudo Intelligence • Author: Evangeline Smith, MarCom • October 7, 2025

You're in the boardroom. The worst has happened. You've had a material breach. Across the table, the regulators from the Autoriteit Persoonsgegevens (AP) or the Financial Services and Markets Authority (FSMA) are not interested in the complexities of the malware. Their first, and most critical, question is always the same: "Who had access?"

How you answer that question will define the next chapter for your business. It will determine the severity of the fines, the duration of the investigation, and the long-term damage to your brand. An answer of "we think..." or "it's likely..." is an admission of a catastrophic failure in cybersecurity governance.

For too many organisations, this question triggers a moment of panic. It means weeks of forensic chaos, digging through terabytes of logs, trying to piece together a puzzle from incomplete data. But it doesn't have to be this way. The answer should be a simple, immediate, and auditable report, not a multi-week investigation.

The Privileged Access Problem: A Crisis of Control

The statistics paint a grim picture. According to the 2025 Verizon Data Breach Investigations Report (DBIR), a staggering 68% of all breaches involve the human element, with the use of stolen credentials being a primary vector. Privileged accounts—the "keys to the kingdom" used by administrators, developers, and critical systems—are the ultimate prize for attackers.

When these accounts are compromised, the consequences are devastating.

Real-World Example: The Change Healthcare Catastrophe

In early 2024, the U.S. healthcare system was thrown into chaos. The cause? Attackers compromised a single, remotely accessible IT support server at Change Healthcare that lacked multi-factor authentication. With this one privileged entry point, they moved laterally, exfiltrated massive amounts of data, and deployed ransomware, crippling healthcare payments and patient care for months. The answer to "Who had access?" was a single, unsecured privileged account that led to a multi-billion-dollar crisis.

This is the modern reality. Your most powerful accounts are your biggest liabilities, and manually managing them with shared passwords and spreadsheets is a recipe for disaster.

Quote from Derick Smith, CEO, Trescudo:

"The Change Healthcare incident is a brutal lesson in the importance of privileged access control. It proves that a single, overlooked administrative account can be the thread that unravels the entire organisation. In the era of NIS2 and DORA, a failure to secure these accounts is not just a technical failing; it's a direct failure of corporate governance."

From Reactive Forensics to Proactive Control

At Trescudo, our philosophy is to move our clients from a state of reactive forensics to one of proactive control. The goal isn't just to solve the puzzle after the breach; it's to ensure the puzzle never exists in the first place.

This requires a fundamental shift in mindset, built on three core principles:

  1. Assume Breach: Operate on the assumption that an attacker is already inside your network.

  2. Enforce Least Privilege: Ensure that every user, human or machine, has the absolute minimum level of access required to do their job.

  3. Audit Everything: Maintain a complete, immutable, and easily accessible record of all privileged activity.

The Solution: Trescudo & Segura Partnership

How do we achieve this? We partner with the best in the industry. We design, implement, and manage solutions from Segura, a recognised Gartner Magic Quadrant Leader in Privileged Access Management (PAM).

By leveraging the power of the Segura platform, we build a "single source of truth" for all privileged activity in your organisation. We transform the chaos of unmanaged access into a secure, automated, and fully auditable system.

Quote from Marçal Santos (CISM, CDPSE), Trescudo:

"A modern PAM solution is the ultimate tool for provable governance. It doesn't just protect your critical systems; it provides the definitive, time-stamped evidence you need to satisfy regulators. It's the difference between a confident, factual answer and a costly, chaotic investigation."

The Definitive Answer

Let's return to the boardroom. The regulator has asked their question. With a proactive, Trescudo-managed PAM solution in place, your answer is no longer a guess. It's a definitive, time-stamped record, delivered with confidence:

"This user. At this time. From this location. They performed these specific, authorised actions, and here is a full, immutable recording of their session."

This is the power of true cybersecurity governance. This is the confidence that turns a crisis into a manageable, well-documented event.

Are you prepared to provide that definitive answer? The time to build your defensible posture is now, not during a crisis. Schedule your complimentary Privileged Access Readiness Briefing today.

https://clients.trescudo.com/form1
