May 14 / Latest News

Global Survey Shows Identity Breaches Surging as Detection Gaps Widen

A new global survey of 5,000 IT and cybersecurity leaders across 17 countries reveals that identity‑related breaches have become nearly universal, with more than 70% of organizations reporting at least one incident in the past year.

Switzerland recorded the highest breach rate, followed by Mexico and Italy, while Germany, Colombia, and Japan reported the lowest—though all still exceeded 60%, underscoring the widespread nature of identity compromise. Sectors tied to national infrastructure, including energy, oil and gas, utilities, and federal government agencies, faced the most frequent breaches. Industries with heavier historical investment in cybersecurity—such as IT, telecoms, and healthcare—reported comparatively lower rates.

Compliance struggles emerged as a strong predictor of breach exposure. Organizations that reported difficulty meeting regulatory requirements were also more likely to experience identity‑related incidents, suggesting deeper operational and security weaknesses.

Most organizations that suffered an identity breach in 2025 were able to detect and stop the attack before it caused damage. Smaller companies, however, lagged significantly in detection capabilities, leaving them more vulnerable to severe outcomes. While Switzerland had one of the highest breach rates, Brazil recorded the highest rate of detection failures, placing both countries among the most exposed.

Detection failures varied sharply by industry. Media, leisure, and entertainment companies reported the weakest detection performance, followed by manufacturing and financial services. Healthcare organizations performed best, likely due to regulatory pressure to maintain strong monitoring and reporting practices.

Researchers also found a strong connection between identity compromise and ransomware. Two‑thirds of organizations hit by ransomware said the attack was tied to their most significant identity breach, reinforcing the role of compromised credentials as a primary ransomware delivery vector. The link was strongest among mid‑sized organizations with 1,001 to 3,000 employees. Higher education and transportation reported the highest correlation, while financial services, IT, technology, and telecoms showed lower rates.

For the 510 organizations that failed to stop a major identity attack, the consequences were severe. Each suffered an average of two major impacts: roughly half experienced data theft, nearly half were hit with ransomware, 46.7% lost money through fraud or stolen funds, and 43.9% faced extortion attempts. Respondents cited an average of two root causes per incident, with weak human identity management and human error topping the list—particularly among larger enterprises.

The financial toll was substantial. The global mean recovery cost reached $1.64 million, with a median of $750,000.

The survey also highlighted significant gaps in identity security practices. While real‑time monitoring was the most common activity, more than half of organizations reviewed unusual login attempts only once every three months or less often. Non‑human identity (NHI) management was especially weak: just 34.3% rotated or audited NHIs weekly or more often, and only 11.1% did so continuously. Identity governance policy reviews were the least frequent activity, with one‑third occurring no more than quarterly and nearly a quarter happening only twice a year.

Organizations with poor NHI management were 22% more likely to suffer financial theft and 24.4% more likely to face extortion. Their recovery costs were also higher—by an average of $147,178—highlighting the growing financial risk tied to unmanaged machine identities.