A new report from RSA, the security-first identity leader, reveals
significant challenges and changing attitudes in cybersecurity, AI, data
breaches, and other trends transforming identity. The only
identity-specific survey in the industry, the 2025 RSA ID IQ Report
analyzes responses from more than 2,000 cybersecurity, identity and
access management (IAM), and tech professionals from 62 countries,
highlights key insights into the evolving identity and security
landscape.
Key findings:
-
When organizations suffer identity-related data breaches, it costs them-significantly: Identity-related
data breaches are more severe and costly than run-of-the-mill
incidents: More than 40% of respondents reported an identity-related
security breach. Of those, 66% reported it as a severe event that
affected their organization. 44% of respondents estimated that the total
costs of identity-related data breaches exceeded the cost of a typical
data breach. These findings underscore why organizations should
prioritize investing in security capabilities that can mitigate the high
costs of identity-related breaches.
-
Cybersecurity is no longer on the fence about AI: 80% of
respondents felt that AI will do more to empower cybersecurity than abet
cybercriminals over the next five years, with nearly as many
organizations (79%) planning to implement some AI in their cybersecurity
stack within the next year. Entertainment, finance, and retail were the
likeliest sectors to implement some form of AI in the next year. Highly
regulated industries are among the most likely to have plans to
implement AI in their cybersecurity stacks.
-
Organizations are leaving toxic relationships with passwords:
More than half (51%) of respondents reported needing to input their
passwords six times or more for work every day. That friction and the
cost of identity data breaches may be motivating organizations to change
their authentication strategies: 61% of respondents expressed that
their organization had plans to implement passwordless capabilities in
the next year, rather than wait for phishing or other attacks to breach
their defenses.
-
Security software on personal devices divides organizations:
Willingness to install security monitoring software on personal devices
varied widely among respondents. 73% of IAM experts and 60% of
cybersecurity specialists expressed willingness to have corporate
security software on their personal devices, as opposed to only 39% of
generalists.
-
Hybrid environments dominate: 70% of organizations operate in
hybrid environments, reflecting the increasingly complex landscape of
application and security deployments, and organizations' need for
solutions that span environments.
"If I take anything from the 2025 RSA ID IQ Report, it's that
cybersecurity and IAM experts are acting on identity security right now,
making investments in AI and secure passwordless authentication both
because the technology is ready and because the costs of waiting for an
identity-related data breach to strike are too high to ignore," said RSA
CEO Rohit Ghai.
"The 2025 RSA ID IQ Report is a temperature check of what our
customers-the world's most secure organizations-care about. It reveals
what new cybersecurity frameworks, threats, and technologies really mean
to security-first leaders in government, finance, healthcare, and
energy, and helps RSA continue to prioritize the innovations they need,"
said RSA CMO Laura Marx.