Key Findings
96% of CISOs believe that multi-factor authentication (MFA) cannot keep up with evolving threats.
19% of Chief Information Security Officers (CISOs) expect a significant increase in new tasks for their IT or security teams due to security risks or vulnerabilities related to AI.
78% of Chief Information Security Officers (CISOs) expect AI to create moderate or significant increases in security workloads as they address new vulnerabilities.
92% of Chief Information Security Officers (CISOs) reported that their company has implemented, begun implementing, or plans to implement passwordless authentication in 2025, a significant increase from 70% in 2024.
98% of CISOs expressed that multi-factor authentication (MFA) is not doing enough to protect employees.
38% of Chief Information Security Officers (CISOs) believe zero trust is the future of cybersecurity.
67% of organizations expect to complete their transition from Virtual Private Networks (VPNs) to zero trust access by 2026, reflecting a significant shift in security practices.
The number of completed rollouts of passwordless authentication initiatives doubled in 2025 compared to the previous year, highlighting a rapid increase in implementation.
52% of Chief Information Security Officers (CISOs) identified reduced risk of password reuse, phishing, and exploits as the top benefit of passwordless authentication in 2025.
In 2025, 98% of Chief Information Security Officers (CISOs) expressed doubt over the ability of multi-factor authentication (MFA) to adequately protect employees, showing a slight decrease from 99% in 2024.
22% of Chief Information Security Officers (CISOs) reported having a formal strategy for incorporating AI identities into their organization's zero-trust security architecture, while 78% did not have such a strategy.
59% of Chief Information Security Officers (CISOs) expect a moderate increase in new tasks for their IT or security teams due to security risks or vulnerabilities related to AI.
13% of Chief Information Security Officers (CISOs) believe that zero trust only works for certain organizations in 2025, down from 22% in 2024.
97% of Chief Information Security Officers (CISOs) view Network Access Control (NAC) as a critical component of any zero trust framework.
93% of Chief Information Security Officers (CISOs) reported that their perception of Network Access Control (NAC) has improved in the past year.
78% of Chief Information Security Officers (CISOs) anticipate higher security workloads due to vulnerabilities linked to AI models, data exposure, and agent behaviour.
In 2025, 83% of companies reported increasing their investment in Network Access Control (NAC), while only 2% indicated a decrease in investment.
87% of companies are increasing their Network Access Control (NAC) budgets in 2025, up from 83% in 2024.
CISOs reported a 17 percentage point increase in clarity regarding their cyberinsurance coverage for insider threats in 2025.
CISOs reported a 17 percentage point increase in clarity regarding their cyberinsurance coverage for insider threats in 2023.
40% of Chief Information Security Officers (CISOs) reported that they continually evaluate their cyberinsurance premiums in 2025, a significant decrease of 28 percentage points from 68% in 2024.
39% of CISOs indicated stronger security and user experience as a benefit of passwordless authentication.
42% of CISOs complained about frequent password changes in 2025, a decrease from 51% in 2024.
36% of CISOs reported poor training as an issue in 2025, down from 45% in 2024.
52% of CISOs cited reduced risk of password reuse, phishing, and exploits as a benefit of passwordless authentication.
78% of Chief Information Security Officers (CISOs) lack a formal strategy for managing AI identities within zero trust frameworks.
59% of Chief Information Security Officers (CISOs) report they are currently developing their strategy for managing AI identities within zero trust frameworks.
65% of Chief Information Security Officers (CISOs) anticipate major updates to their security stack to implement zero trust in 2026, an increase from 46% in 2024.
78% of Chief Information Security Officers (CISOs) expect AI to create moderate or significant increases in security workloads as they address new vulnerabilities in 2023.
55% of Chief Information Security Officers (CISOs) reported being concerned about job loss after a cybersecurity breach in 2025, a decrease from 77% in 2024, indicating a rising confidence in their defenses and the value of their expertise.
92% of Chief Information Security Officers (CISOs) reported active or planned passwordless initiatives, up from 70% in 2024, indicating a significant increase in adoption.
39% of Chief Information Security Officers (CISOs) noted better employee experience as a benefit of passwordless authentication.
96% of Chief Information Security Officers (CISOs) reported that multi-factor authentication (MFA) still lags behind modern threats, showing little change from the previous year's figure of 100%.
CISOs reported a 16 percentage point increase in clarity regarding their cyberinsurance coverage for regulatory fines and penalties in 2025.
26% of Chief Information Security Officers (CISOs) reported clarity on coverage for phishing attacks in 2025, down from 41% in 2024.
Only 40% of companies constantly reevaluated their cyberinsurance premiums in 2025, a significant decrease from 68% in 2024.
42% of employees expressed that password changes are too frequent in 2025, down from 51% in 2024, indicating a decrease in frustration over the past year.
CISOs reported a 15 percentage point increase in clarity regarding their cyberinsurance coverage for supply chain attacks in 2025.
41% of CISOs reported improved employee productivity as a benefit of passwordless authentication.
50% of CISOs reported that policies still slow employee work in 2025, while 46% find them tedious.
22% of Chief Information Security Officers (CISOs) have a formal strategy for managing AI identities within zero trust frameworks.
98% of Chief Information Security Officers (CISOs) identified cloud-based Network Access Control (NAC) as the top factor behind their improved perception of NAC.
42% of employees expressed that password changes are too frequent in 2025, down from 51% in 2023, indicating a decrease in frustration over the past year.
50% of employees reported that security policies interfere with or slow down their work.
41% of Chief Information Security Officers (CISOs) reported improved productivity as a benefit of passwordless authentication.
Among the CISOs without a formal AI strategy in 2025, 59% are currently building their AI strategy.
77% of Chief Information Security Officers (CISOs) expect that achieving zero trust will require significant updates or a complete overhaul in 2025, a sharp increase from 49% in 2024.
24% of Chief Information Security Officers (CISOs) find it difficult to implement zero trust in 2025.
67% of organizations expect to complete the shift from legacy VPNs to zero trust alternatives by next year, while 93% plan to do so by 2027.
93% of Chief Information Security Officers (CISOs) reported that their perception of Network Access Control (NAC) has improved over the past yea with 98% attributing this positive change to cloud-based NAC solutions.
In 2025, 87% of companies plan to increase their investment in Network Access Control (NAC), with 4% expecting to decrease their investment.