Identity failed more organizations this year, and the damage hit harder.
The takeaway: without decisive action, leaders will see risks grow sharper, losses deeper, and recovery slower.
That’s one of several warnings from the 2026 RSA ID IQ Report, which surveyed more than 2,000 global experts to understand how often identity security failed them, what it cost, and where they see the greatest threats ahead.
The data tells a clear story. The identity gap is widening. Most companies still depend on legacy tools that can’t keep pace with modern attacks. Passwords remain the dominant method of authentication, and the weakest link.
Those who cling to them report more breaches and greater financial fallout.
Many want to go passwordless but are held back by complex systems and tough edge cases. Meanwhile, few have the defences needed to stop social engineering and IT help desk bypass attacks, both of which are on the rise. And although most firms track human, machine, and service identities, the ongoing breach rate shows that this visibility rarely translates into real protection.
Still, there’s optimism. Experts are turning to AI to close the gap.
Across industries, more security teams believe AI will strengthen defences rather than aid malefactors. A growing number are already integrating AI into their cybersecurity stacks. And by a wide margin, they see agentic AI (AI that can act and adapt on its own) as the next big leap in cyber defence.
The report’s key findings are:
- 69% of organizations reported an identity-related breach in the last three years.
- 45% of organizations said that identity-related data breaches cost them more than the average data breach.
- 70% of organizations said that identity breaches caused them significant harm.
- 65% of organizations said they were seriously concerned that their IT help desk or service desk would fail to stop a social engineering attack.
- 75% of organizations are operating in hybrid environments, a 5-percentage point increase from 2025.
- 90% of organizations reported challenges in moving toward passwordless authentication.
- 57% of organizations continue to use passwords as their primary method of authentication.
- 83% of organizations believe AI will do more to help cybersecurity than cybercrime.
- 91% of organizations plan to implement some form of AI into their tech stack over the next year
- 93% of organizations have not reached optimal Zero Trust maturity.
Identity is the New Perimeter
James Maude, Field CTO at BeyondTrust, says: “Given the complexities of the modern identity landscape it is all too easy for attackers to exploit identities and use them to cross organizational and technological silos by exploiting the paths to privilege associated with those identities.”
He says we are living in an age where identity compromise is becoming so common that only the most significant losses are worth reporting. “It bears repeating that identity has become the new perimeter and organizations, as well as individuals, are starting to realize this and better understand and protect their identity attack surface.”
Foundational, Identity-aware Microsegmentation
“This latest report underscores the critical necessity for the establishment of a foundational, identity-aware, microsegmentation program,” adds Agnidipta Sarkar, Chief Evangelist at ColorTokens. “Such a program is vital for limiting an attacker’s ability to exploit valid accounts and for reducing the opportunities for lateral movement within compromised networks. “The importance of internal network segmentation cannot be overstated. This strategy serves to minimize the potential blast radius when existing controls falter.”
Shift Focus to Non-human Identities
Elad Luz, Head of Research at Oasis Security, adds that as the adoption of multi-factor authentication (MFA) continues to grow, human identities will become increasingly difficult for threat actors to target. “Consequently, we anticipate that attackers will shift more of their focus to non-human identities, which are often secured by only a single factor and therefore present an easier target. Both attackers and security solutions are likely to expand their use of generative AI, leveraging it for tasks such as secret scanning to enhance detection coverage and adaptability.”
Isolate Affected Systems
Fletcher Davis, Director of Research at BeyondTrust, says: “Once an attack occurs, companies should immediately investigate the initial scope of the breach, isolating affected systems to contain activity. To prevent future incidents, organizations should implement strict vendor access controls with time-limited permissions and continuous monitoring of third-party activities, establish robust IT help desk verification processes that require multi-factor authentication (MFA) before password resets or system changes, and create clear protocols for validating identity through multiple channels before granting access.”
AI-powered Analysis
“Traditional security approaches of updating defenses to combat general threat tactics are no longer sufficient to protect sensitive information and systems,” explains John Watters, CEO and Managing Partner at iCOUNTER. “To effectively defend against AI-driven rapid developments in targeted attacks, organizations need more than mere actionable intelligence—they need AI-powered analysis of attack innovations and insights into their own specific weaknesses which can be exploited by external parties.”
Trusting Autonomous Agents for Defense
Nicole Carignan, Senior Vice President, Security & AI Strategy, and Field CISO at Darktrace, adds that the integration of AI into core business operations has significant implications for the workforce. “As adversaries double down on the use and optimization of autonomous agents for attacks, human defenders will become increasingly reliant on and trusting of autonomous agents for defense.”
She says transparency and explainability in the AI outcomes are critical to foster a productive human-AI partnership. “Security practitioners—and teams in legal, compliance, and risk—must upskill in AI technologies and data governance.”
The Adoption of AIBOM
Diana Kelley, Chief Information Security Officer at Noma Security, says AI risks have rapidly moved from a watch list item to a front-line security concern, especially when it comes to data security and misuse. “As vulnerabilities increase, the adoption of an AI Bill of Materials (AIBOM) is the foundation for effective supply chain security and AI vulnerability management. Robust red team and pre-deployment testing remain vital as does runtime monitoring and logging which round out the approach by providing the visibility to detect and in some cases even block, attacks during use.”
Deeply Personal, Context-aware Assistance
“We’re quickly seeing AI evolve from simple automation to deeply personalized, context-aware assistance—and it’s heading toward an Agentic AI future where tasks are orchestrated across domains with minimal human input,” says Randolph Barr, Chief Information Security Officer at Cequence Security.
“So, while organizations are absolutely starting to think about model protections, prompt injection, data leakage, and anomaly detection, those efforts mean little if you haven’t locked down identity, access, and configuration at a foundational level. Security needs to be part of the development lifecycle from day one, not simply an add-on at launch,” he ends.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.