Portnox

96% of CISOs believe that multi-factor authentication (MFA) cannot keep up with evolving threats.

19% of Chief Information Security Officers (CISOs) expect a significant increase in new tasks for their IT or security teams due to security risks or vulnerabilities related to AI.

78% of Chief Information Security Officers (CISOs) expect AI to create moderate or significant increases in security workloads as they address new vulnerabilities.

92% of Chief Information Security Officers (CISOs) reported that their company has implemented, begun implementing, or plans to implement passwordless authentication in 2025, a significant increase from 70% in 2024.

98% of CISOs expressed that multi-factor authentication (MFA) is not doing enough to protect employees.

38% of Chief Information Security Officers (CISOs) believe zero trust is the future of cybersecurity.

67% of organizations expect to complete their transition from Virtual Private Networks (VPNs) to zero trust access by 2026, reflecting a significant shift in security practices.

The number of completed rollouts of passwordless authentication initiatives doubled in 2025 compared to the previous year, highlighting a rapid increase in implementation.

52% of Chief Information Security Officers (CISOs) identified reduced risk of password reuse, phishing, and exploits as the top benefit of passwordless authentication in 2025.

In 2025, 98% of Chief Information Security Officers (CISOs) expressed doubt over the ability of multi-factor authentication (MFA) to adequately protect employees, showing a slight decrease from 99% in 2024.

22% of Chief Information Security Officers (CISOs) reported having a formal strategy for incorporating AI identities into their organization's zero-trust security architecture, while 78% did not have such a strategy.

59% of Chief Information Security Officers (CISOs) expect a moderate increase in new tasks for their IT or security teams due to security risks or vulnerabilities related to AI.

13% of Chief Information Security Officers (CISOs) believe that zero trust only works for certain organizations in 2025, down from 22% in 2024.

97% of Chief Information Security Officers (CISOs) view Network Access Control (NAC) as a critical component of any zero trust framework.

93% of Chief Information Security Officers (CISOs) reported that their perception of Network Access Control (NAC) has improved in the past year.

78% of Chief Information Security Officers (CISOs) anticipate higher security workloads due to vulnerabilities linked to AI models, data exposure, and agent behaviour.

In 2025, 83% of companies reported increasing their investment in Network Access Control (NAC), while only 2% indicated a decrease in investment.

87% of companies are increasing their Network Access Control (NAC) budgets in 2025, up from 83% in 2024.

CISOs reported a 17 percentage point increase in clarity regarding their cyberinsurance coverage for insider threats in 2025.

CISOs reported a 17 percentage point increase in clarity regarding their cyberinsurance coverage for insider threats in 2023.

40% of Chief Information Security Officers (CISOs) reported that they continually evaluate their cyberinsurance premiums in 2025, a significant decrease of 28 percentage points from 68% in 2024.

39% of CISOs indicated stronger security and user experience as a benefit of passwordless authentication.

42% of CISOs complained about frequent password changes in 2025, a decrease from 51% in 2024.

36% of CISOs reported poor training as an issue in 2025, down from 45% in 2024.

52% of CISOs cited reduced risk of password reuse, phishing, and exploits as a benefit of passwordless authentication.

78% of Chief Information Security Officers (CISOs) lack a formal strategy for managing AI identities within zero trust frameworks.

59% of Chief Information Security Officers (CISOs) report they are currently developing their strategy for managing AI identities within zero trust frameworks.

65% of Chief Information Security Officers (CISOs) anticipate major updates to their security stack to implement zero trust in 2026, an increase from 46% in 2024.

78% of Chief Information Security Officers (CISOs) expect AI to create moderate or significant increases in security workloads as they address new vulnerabilities in 2023.

55% of Chief Information Security Officers (CISOs) reported being concerned about job loss after a cybersecurity breach in 2025, a decrease from 77% in 2024, indicating a rising confidence in their defenses and the value of their expertise.

92% of Chief Information Security Officers (CISOs) reported active or planned passwordless initiatives, up from 70% in 2024, indicating a significant increase in adoption.

39% of Chief Information Security Officers (CISOs) noted better employee experience as a benefit of passwordless authentication.

96% of Chief Information Security Officers (CISOs) reported that multi-factor authentication (MFA) still lags behind modern threats, showing little change from the previous year's figure of 100%.

CISOs reported a 16 percentage point increase in clarity regarding their cyberinsurance coverage for regulatory fines and penalties in 2025.

26% of Chief Information Security Officers (CISOs) reported clarity on coverage for phishing attacks in 2025, down from 41% in 2024.

Only 40% of companies constantly reevaluated their cyberinsurance premiums in 2025, a significant decrease from 68% in 2024.

42% of employees expressed that password changes are too frequent in 2025, down from 51% in 2024, indicating a decrease in frustration over the past year.

CISOs reported a 15 percentage point increase in clarity regarding their cyberinsurance coverage for supply chain attacks in 2025.

41% of CISOs reported improved employee productivity as a benefit of passwordless authentication.

50% of CISOs reported that policies still slow employee work in 2025, while 46% find them tedious.

22% of Chief Information Security Officers (CISOs) have a formal strategy for managing AI identities within zero trust frameworks.

98% of Chief Information Security Officers (CISOs) identified cloud-based Network Access Control (NAC) as the top factor behind their improved perception of NAC.

42% of employees expressed that password changes are too frequent in 2025, down from 51% in 2023, indicating a decrease in frustration over the past year.

50% of employees reported that security policies interfere with or slow down their work.

41% of Chief Information Security Officers (CISOs) reported improved productivity as a benefit of passwordless authentication.

Among the CISOs without a formal AI strategy in 2025, 59% are currently building their AI strategy.

77% of Chief Information Security Officers (CISOs) expect that achieving zero trust will require significant updates or a complete overhaul in 2025, a sharp increase from 49% in 2024.

24% of Chief Information Security Officers (CISOs) find it difficult to implement zero trust in 2025.

67% of organizations expect to complete the shift from legacy VPNs to zero trust alternatives by next year, while 93% plan to do so by 2027.

93% of Chief Information Security Officers (CISOs) reported that their perception of Network Access Control (NAC) has improved over the past yea with 98% attributing this positive change to cloud-based NAC solutions.