Identity-related data breaches cost more than average incidents

Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA.

40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total costs of identity-related data breaches exceeded the cost of a typical data breach.

These findings underscore why organizations should prioritize investing in security capabilities that can mitigate the high costs of identity-related breaches.

AI seen as key asset in future cybersecurity strategies

80% of respondents felt that AI will do more to empower cybersecurity than abet cybercriminals over the next five years, with nearly as many organizations (79%) planning to implement some AI in their cybersecurity stack within the next year. Entertainment, finance, and retail were the likeliest sectors to implement some form of AI in the next year. Highly regulated industries are among the most likely to have plans to implement AI in their cybersecurity stacks.

51% of respondents reported needing to input their passwords six times or more for work every day. That friction and the cost of identity data breaches may be motivating organizations to change their authentication strategies: 61% expressed that their organization had plans to implement passwordless capabilities in the next year, rather than wait for phishing or other attacks to breach their defenses.

There’s reason for some skepticism about passwordless technology, particularly in enterprise use cases. That may be due to lingering ambiguity in the market about what a “passkey” really is, and the fact that not all passkeys are appropriate for professional use.

Security software on personal devices divides organizations

Willingness to install security monitoring software on personal devices varied widely among respondents. 73% of IAM (Identity and Access Management) experts and 60% of cybersecurity specialists expressed willingness to have corporate security software on their personal devices, as opposed to only 39% of generalists.

70% of organizations operate in hybrid environments, reflecting the increasingly complex landscape of application and security deployments, and organizations’ need for solutions that span environments.

By sector, agriculture and aerospace estimated that identity-related data breaches tended to cost them the most, with 50% and 43% of respondents noting that breaches had cost them more than $10,000,000 (respectively).

The United States reported the largest share of breaches that exceeded $10 million and was among the top countries to rate their data breaches as the most severe.

“If I take anything from the 2025 RSA ID IQ Report, it’s that cybersecurity and IAM experts are acting on identity security right now, making investments in AI and secure passwordless authentication both because the technology is ready and because the costs of waiting for an identity-related data breach to strike are too high to ignore,” said RSA CEO Rohit Ghai.