Identity Crisis: Cisco Study Reveals Security Confidence Gap
Identity security has reached a tipping point. Despite widespread recognition of its importance, organisations across North America and Europe are struggling with fundamental confidence in their defences against identity-based attacks.
Cisco’s 2025 State of Identity Security report, based on responses from 650 IT and security leaders, shows a disconnect between awareness and execution in identity protection strategies. The research reveals that whilst leaders understand the importance of identity security, implementation gaps leave many organisations exposed.
Only 33% of leaders express confidence that their current identity provider can prevent identity-based attacks, as organisations face increasingly complex identity systems and limited visibility into potential vulnerabilities.
- Only 33% of IT leaders trust their current identity provider to prevent attacks
- 51% of organisations have suffered financial losses from identity-related breaches
- 19% of companies have deployed FIDO2 phishing-resistant authentication tokens
“94% of leaders believe that complexity in identity infrastructure decreases their overall security,” says Matt Caulfield, Cisco’s VP of Product Management.
The financial implications are substantial. Over half of surveyed organisations have experienced financial losses due to identity-related breaches, prompting 82% of financial decision-makers to increase their identity security investments for 2025.
Cisco research highlights AI’s dual impact on identity protection
As Cisco’s research shows, AI presents both new challenges and opportunities for identity security teams. The research identifies AI-driven phishing as a top concern, with leaders ranking it alongside insider threats and supply chain attacks.
“44% of leaders consider AI-driven phishing one of the top identity threats for 2025,” Matt notes. Traditional security measures prove inadequate against sophisticated AI-powered attacks, particularly when combined with complex supply chain networks and identity ecosystems.
However, AI also serves as a driver for modernisation. Cisco’s research shows 85% of companies are adopting security-first identity practices specifically to counter AI-driven threats. Organisations are leveraging AI’s data processing capabilities as a defensive tool whilst simultaneously defending against its offensive applications.
The emergence of AI-powered threats has accelerated the timeline for identity security improvements. Organisations that previously deferred identity modernisation projects now face pressure to implement comprehensive solutions capable of detecting and responding to automated attack patterns.
Cisco Duo finds MFA deployment remains incomplete despite phishing risks
The report also found that deployment of multi-factor authentication continues to lag, despite widespread acknowledgement of phishing threats. Whilst 87% of leaders consider phishing-resistant MFA critical to their security strategies, only 30% said they express high confidence in their current phishing controls.
The research identifies fundamental gaps in MFA implementation. Weak or missing MFA accounts for 36% of identity breaches, followed by coverage gaps at 34% and one-time passcode failures at 29%, Cisco says. These statistics align with findings from Cisco Talos’ Year in Review, which listed missing, incomplete or weak MFA coverage as some of the main vectors for identity-based attacks.
As AI-driven threats surge, security leaders are confronting alarming confidence gaps, fragmented visibility, and additional hurdles to adopt essential identity security measures.
Hardware token adoption also remains limited, with only 19% of companies deploying FIDO2 tokens. These gold-standard phishing-resistant authentication devices are typically reserved for privileged users, whilst broader deployment faces obstacles including token management complexity (57%), training requirements (53%) and hardware costs (47%).
Cisco study shows security-first approach gains momentum
The reactive approach to identity security is changing as organisations recognise the limitations of retrofitting security measures. The research reveals that 74% of IT leaders acknowledge identity security is often treated as an afterthought in infrastructure planning, typically implemented following compliance issues or security breaches.
This reactive model creates additional costs, complexity, and misalignment that reduces overall visibility. In response, 79% of teams are exploring vendor consolidation to improve identity security oversight and reduce tool sprawl.
Integration challenges persist across identity and device telemetry systems. Only 52% of organisations report full integration of identity and device data streams. Without real-time visibility into identity behaviours, security and IT teams cannot make consistent, informed decisions about access controls and threat responses.
Third-party access control presents particular concerns, with 86% of leaders expressing worry about inadequate controls for contractors and external parties. This extended perimeter often lacks the robust oversight applied to internal users, complicated by unmanaged devices and delayed deprovisioning processes.
Identity threat detection and response capabilities are increasingly viewed as essential, with 87% of leaders considering ITDR crucial to their security posture. However, deployment of Identity Security Posture Management solutions remains limited, with only 32% of IT teams having implemented ISPM tools.
Matt frames the broader challenge facing organisations in terms of strategic priorities.
“At Duo, we know that managing who accesses what, from where and on which device is not just a daily challenge – it’s a strategic imperative,” he says.
