In a landscape where digital security is paramount, RSA’s 2025 ID IQ Report underscores critical cybersecurity trends that organizations need to be aware of. Rohit Ghai, RSA’s CEO, frames the study as a reality check and a call to action. The report analyzes responses from over 2,000 cybersecurity, identity, access management, and tech professionals from 62 countries. Despite many participants identifying as experts in cybersecurity, they struggled with essential security principles, revealing a gap for organizations aiming to stay secure. Designed to assess knowledge of crucial security practices like Zero Trust architecture and password management, the report produced surprising results: nearly half of all participants answered at least half of the questions incorrectly.
“We were surprised—if not a little shocked—at some of the answers we got back.”
Rohit Ghai, RSA’s CEO
The responses highlight vulnerabilities that attackers can exploit and raise concerns about industries’ security preparedness. For instance, participants commonly misunderstood Zero Trust, a framework critical in today’s landscape where insider threats are rising. Misunderstanding such a foundational concept can result in ineffective defense strategies and increased attack exposure. Similarly, password management questions revealed widespread gaps, with many respondents failing to recognize the importance of unique, complex passwords and the risks of password reuse. This practice can compromise an entire organization if a single account is breached.
In his executive summary, Ghai was somewhat blunt: “We were surprised—if not a little shocked—at some of the answers we got back.”
Our further takeaways are as follows. You can read the whole report here.
Costly Breaches and Financial Impact
The report reveals that 42% of respondents suffered identity-related breaches within the last three years. Alarmingly, two-thirds of these breaches were classified as severe. The financial fallout is substantial: 44% estimated identity breach costs to surpass those of a typical data breach. When asked to quantify the impact, nearly a quarter estimated costs between $1 million and $5 million, while 23% placed the total over $5 million, with some reaching as high as $10 million or more.
AI’s Potential in Cybersecurity
AI’s role in cybersecurity is no longer theoretical, with 80% of respondents believing it will benefit cybersecurity more than criminals over the next five years. Sectors such as finance, entertainment, and retail lead the way in AI integration, with 79% of organizations planning to add AI capabilities within the next year. While the optimistic outlook spans industries, challenges remain. Functions like authentication and access management are seen as AI’s primary areas for improvement, though some sectors, particularly agriculture and public services, remain wary of potential AI-enabled risks.
Passwordless Security Gains Traction
More than half (51%) of respondents log into work accounts six or more times a day, a constant source of friction that has driven many companies to explore passwordless solutions. The report found that 61% of organizations plan to implement passwordless authentication within the year, with identity and access management (IAM) experts being some of the strongest advocates for this transition. However, challenges linger, as 24% expressed doubts about the maturity of passwordless standards for enterprise use, while 15% cited a lack of trust in the technology.
Security Software on Personal Devices Sparks Debate
The report also highlights a divide in attitudes toward monitoring software on personal devices. While 73% of IAM experts and 60% of cybersecurity specialists are open to installing corporate security software on their personal devices, only 39% of general respondents agreed. This disparity signals potential hurdles in aligning security protocols across organizational hierarchies.
Hybrid Environments Present Complex Challenges
Seventy percent of organizations operate in hybrid environments that blend cloud and on-premises applications. The report suggests that managing such setups is challenging, with recent high-profile outages underscoring the need for resilient infrastructure. Ghai advises organizations to act decisively in bolstering hybrid solutions, citing recent disruptions that cost companies millions in lost productivity and revenue.
Conclusion: Navigating the Future of Cybersecurity
As organizations confront an increasingly complex cybersecurity landscape, the RSA 2025 ID IQ Report calls for proactive investment in identity security. “The future might be bright,” Ghai reflects, “but we can’t let the glare distract us from the essential work that we do every day.”
Other News: The Role of Human Error in Cybersecurity Failures and How to Mitigate It(Opens in a new browser tab).
Other News: Many of the National Guardsmen activated for election focus on cybersecurity.