The Confidence Paradox: Delusions of Readiness in Identity Security

In the past 24 months, 72% of organisations experienced at least one attack.

Organisations self-identifying as "Advanced" in their identity posture follow only 4.7 out of 12 best practices.

Of organisations that experienced attacks, 38% of breaches stemmed from compromised employee credentials.

The top consequences of breaches reported were operational downtime (71%), reputational damage (45%), and financial loss (41%)

Only 60% of organisations enforce multi-factor authentication (MFA) for all users.

46% of organisations experienced multiple attacks in the past 24 months.

74% of IT decision-makers rate their identity posture as "Established" or "Advanced".

14% of organisations failed multiple compliance audits due to identity-related issues.

Only 40% of organisations conduct regular user access reviews.

34% of organisations have failed a compliance audit due to identity-related issues.

85% of organisations are "extremely" or "very" confident in their ability to detect breaches within 24 hours.

36% of organisations experienced a data breach involving identity credentials.

Less than 3 in 10 organisations allocate more than 20% of their cybersecurity budget to identity security.

Just 27% of organisations enforce a least privilege access model.

38% of organisations suffered a phishing attack that led to unauthorised access.

Organisations self-identifying as "Established" in their identity posture follow 5.1 best practices.