According to a report from The Identity Defined Security Alliance (IDSA), organizations are still struggling with incidents related to identity, with a concerning 90% of them reporting such incidents within the past year. This marks a 6% increase compared to the previous year. 

The growing number of identities has presented significant challenges for identity stakeholders, who often lack sufficient support from their leadership teams. Shockingly, only 49% of the respondents indicated that their leadership teams understand identity and security risks and take proactive measures to invest in protection before experiencing an incident.

“As cloud adoption, remote work, mobile device usage, and third-party relationships drive up the number of identities, more and more organizations are suffering from identity-related incidents,” said Jeff Reich, Executive Director, IDSA.

“Protecting digital identities has never been more important in the fight against increasingly savvy cyberattacks. And while managing and securing identities continues to be called out as a top priority by organizations, meaningful shifts in proactive investment and leadership are necessary to reduce risk,” Reich continued

In the face of rapidly increasing cyberattacks in terms of both sophistication and volume, safeguarding digital identities has become more critical than ever. Organizations must ensure that only authorized individuals have access to appropriate data, networks, and systems. Additionally, they need to employ effective technologies to prevent malicious actors from gaining access to sensitive information.

The research highlights that the expanding number of identities has resulted in more businesses experiencing identity-related incidents, leading them to prioritize identity security as a crucial focus area. However, securing these identities remains a major challenge for most organizations, and achieving desired security outcomes is an ongoing process.

The report identifies several barriers faced by security teams, including complex identity frameworks due to multiple vendors and different architectures (40%), as well as intricate technology environments (39%). Respondents also cited insufficient budget (30%), lack of expertise (29%), absence of standards (26%), inadequate personnel (25%), and governance issues (23%) as additional hurdles.

Furthermore, the study reveals that 55% of the respondents attribute the increase in the number of identities to the adoption of more cloud applications. Other significant factors driving identity growth include the rise of remote work (50%), increased usage of mobile devices (44%), and the establishment of third-party relationships (41%). Managing and securing identities emerge as a top-five priority for 86% of the surveyed organizations.

Regarding the impact of emerging trends on identity security, 89% of businesses express concerns about the influence of new privacy regulations. Furthermore, 98% of the respondents believe that artificial intelligence and machine learning (AI/ML) can address identity-related challenges, with 63% highlighting the identification of outlier behaviors as the primary use case. Businesses also worry about employees using corporate credentials for social media accounts, with 90% expressing slight or significant levels of concern.

Although investments in security outcomes have shown improvement, the process is still a work in progress. 96% of identity stakeholders believe that better security outcomes could have mitigated the business impact of incidents. Some of the measures that could have prevented or minimized the effects of incidents, according to the respondents, include implementing multifactor authentication (MFA) for all users (42%), conducting timely reviews of access to sensitive data (40%), and managing privileged access (34%). Additionally, 97% of the organizations plan to further invest in security outcomes in the next 12 months.