As the priority for managing digital identities intensifies, organizations are encountering severe identity security risks. Recent findings indicate that many businesses are struggling with frequent breaches and inadequate security measures, particularly concerning machine identities. Despite increased efforts and awareness, issues such as compromised credentials and complex system vulnerabilities persist.
The proliferation of non-human identities
Entro Security | 2025 State of Non-Human Identities and Secrets in Cybersecurity report | September 2024
- 97% of non-human identities (NHIs) have excessive privileges, increasing unauthorized access and broadening the attack surface.
- 92% of organizations expose NHIs to third parties, resulting in unauthorized access if third-party security practices are not aligned with organizational standards.
- 71% of non-human identities are not rotated within the recommended time frames, increasing the risk of compromise over time.
Identity-related incidents becoming severe, costing organizations a fortune
IDSA | 2024 Trends in Identity Security report | May 2024
- 22% of businesses see managing and securing digital identities as the number one priority of their security program, up from 17% in 2023. 89% of organizations are concerned with employees using corporate credentials for social media.
- Consistent with 2023, 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security.
- 96% of respondents report AI/ML will be beneficial in addressing identity-related challenges, with 71% stating the number one use case is identifying outlier behaviors.
Machine identities lack essential security controls, pose major threat
CyberArk | 2024 Identity Security Threat Landscape Report | May 2024
- 93% of organizations had two or more identity-related breaches in the past year.
- 50% of organizations expect identities to grow 3x in the next 12 months (average: 2.4x). 61% of organizations define a privileged user as human-only.
Technological complexity drives new wave of identity risks
ConductorOne | 2024 Identity Security Outlook Report | May 2024
- When asked to describe their top identity and access management challenges, 47% of respondents cited the complexity of existing systems, followed by employees’ resistance to change (38%), limitations due to available tools (33%), and executives’ resistance to change (32%).
- 47% of survey respondents said their company’s identity security strategy and access policies hinder team productivity, with 23% citing a significant hindrance on productivity.
- 84% reported either a moderate or significant increase in their company’s budget allocation for identity and access-related products this year.
Consumers continue to overestimate their ability to spot deepfakes
Jumio | 2024 Online Identity Study | May 2024
- Fraud is an all-too-familiar issue for many consumers across the globe, with 68% of respondents reporting that they know or suspect that they’ve been a victim of online fraud or identity theft, or that they know someone who has been affected.
- While 46% of the consumers who were or suspected they were a victim of online fraud or identity theft said the ordeal was a minor inconvenience, 32% said it caused significant problems and several hours of administrative work to resolve, and 14% went as far as calling it a traumatic experience.
- When creating a new online account, global consumers said taking a picture of their ID and a live selfie would be the most accurate form of identity verification (21%), with creating a secure password coming in at a close second (19%).
Only 45% of organizations use MFA to protect against fraud
Ping Identity | Fighting The Next Major Digital Threat: AI and Identity Fraud Protection Take Priority | May 2024
- 97% of organizations are experiencing challenges with identity verification, and 52% are very concerned about credential compromise, followed by account takeover (50%).
- 54% of respondents are very concerned that AI technology will increase identity fraud, and only 52% expressed high confidence in their ability to detect a deepfake of their CEO.
- While only 38% have implemented a strategy to use decentralized identity (DCI) as a protection against fraud for both customers and employees, this is an increase from last year when only 13% had implemented.
Malicious logins from suspicious infrastructure fuel identity-based incidents
Expel | Annual Threat Report 2024 | February 2024
- 69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or organization.
- Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC, a volume increase of 144% from 2022 to 2023.
Digital nomads amplify identity fraud risks
Regula | Identity Verification in a Globalized World | January 2024
- 40% of business decision-makers highlight the increase in fraud as a primary challenge when it comes to identity verification for digital nomads.
- 80% of decision-makers directly associate the digital nomad movement with identity fraud, saying that it is increasing the number of forged or counterfeited documents organizations find during verification.
- The average growth in identity document fraud is stated to be 14%; however, in the Insurance industry, it is 22%, and in the Financial and Banking Services it is nearly 19%.