The following is an excerpt from the 2025 RSA ID IQ Report, which distills survey information from more than 2,000 cybersecurity experts, identity and access management (IAM) leaders, and RSA customers on the cyber threats endangering organizations, the frequency and cost of identity-related data breaches, the potential that AI has in improving cybersecurity, and investments in passwordless authentication. Download the full report now.
In 2023, RSA ran the ID IQ Quiz, which asked participants difficult questions about the definition of Zero Trust, the frequency of password reuse, and what capabilities defend against identity-related attacks.
We were surprised—if not a little shocked—at some of the answers we got back. Nearly half of all users got at least half the questions wrong, with self-described identity and access management (IAM) and cybersecurity experts performing the worst. We also found optimism about AI’s cybersecurity potential and significant vulnerabilities in unmanaged devices used as professional resources.
We wanted to learn more, including how much low identity security knowledge cost organizations, whether organizations were putting their money where their mouth was on AI, and if there was a chance to close the personal device security gap. Given the noise and potential of passwordless, we also wanted to know whether organizations were really making changes to their authentication strategies.
The 2025 RSA ID IQ Report reveals how frequently identity-related breaches affect organizations, the impact those breaches have on an organization’s bottom line, and the investments that organizations are making in their identity capabilities:
- When organizations suffer identity-related data breaches, it costs them—significantly: Identity-related data breaches are more severe and costly than run-of-the-mill incidents. More than 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% of respondents estimated that the total costs of identity-related data breaches exceeded the cost of a typical data breach. These findings underscore why organizations should prioritize investing in security capabilities that can mitigate the high costs of identity-related breaches.
- Cybersecurity is no longer on the fence about AI: 80% of respondents felt that AI will do more to empower cybersecurity than abet cybercriminals over the next five years, with nearly as many organizations (79%) planning to implement some AI in their cybersecurity stack within the next year. Entertainment, finance, and retail were the likeliest sectors to implement some form of AI in the next year. Highly regulated industries are among the most likely to have plans to implement AI in their cybersecurity stacks.
- Organizations are leaving toxic relationships with passwords: More than half (51%) of respondents reported needing to input their passwords six times or more for work every day. That friction and the cost of identity data breaches may be motivating organizations to change their authentication strategies: 61% of respondents expressed that their organization had plans to implement passwordless capabilities in the next year, rather than wait for phishing or other attacks to breach their defenses.
- Security software on personal devices divides organizations: Willingness to install security monitoring software on personal devices varied widely among respondents. 73% of IAM experts and 60% of cybersecurity specialists expressed willingness to have corporate security software on their personal devices, as opposed to only 39% of generalists.
- Hybrid environments dominate: 70% of organizations operate in hybrid environments, reflecting the increasingly complex landscape of application and security deployments, and organizations’ need for solutions that span environments.
Want to learn more? Download the 2025 RSA ID IQ Report now to stay informed about emerging cyberthreats, understand the cybersecurity investments industries are making, and learn about the risks that cybersecurity and IAM leaders are prioritizing in the coming year.