In the past 24 months, 72% of organisations experienced at least one attack.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityCyber attack
Organisations self-identifying as "Advanced" in their identity posture follow only 4.7 out of 12 best practices.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
Identity
Of organisations that experienced attacks, 38% of breaches stemmed from compromised employee credentials.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityCredentialsCompromised credentials
The top consequences of breaches reported were operational downtime (71%), reputational damage (45%), and financial loss (41%)
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityBreach consequencesDowntimeReputationFinancial loss
Only 60% of organisations enforce multi-factor authentication (MFA) for all users.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityMFA
46% of organisations experienced multiple attacks in the past 24 months.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityMultiple cyber attacks
74% of IT decision-makers rate their identity posture as "Established" or "Advanced".
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
Identity
14% of organisations failed multiple compliance audits due to identity-related issues.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityCompliance auditFailed compliance audit
Only 40% of organisations conduct regular user access reviews.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityUser access review
34% of organisations have failed a compliance audit due to identity-related issues.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityCompliance auditFailed compliance audit
85% of organisations are "extremely" or "very" confident in their ability to detect breaches within 24 hours.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityData breachDetectionConfidence
36% of organisations experienced a data breach involving identity credentials.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityData breachIdentity credentials
Less than 3 in 10 organisations allocate more than 20% of their cybersecurity budget to identity security.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityCybersecurity budget
Just 27% of organisations enforce a least privilege access model.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityLeast privilege
38% of organisations suffered a phishing attack that led to unauthorised access.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
IdentityPhishingUnauthorized access
Organisations self-identifying as "Established" in their identity posture follow 5.1 best practices.
BeyondIDThe Confidence Paradox: Delusions of Readiness in Identity Security·Jul 30, 2025
Identity