Half of users also have to input their passwords six times or more for work every day.
Around two-thirds of those who have experienced an ‘identity-related’ data breach have classified it as a severe event that affected their organization.
According to the 2025 RSA ID IQ Report, released this week, responses from more than 2,000 cybersecurity, identity and access management (IAM), and tech professionals from 62 countries, found 44 percent of respondents estimated that the total costs of identity-related data breaches exceeded the cost of a typical data breach.
The survey found that 51 percent of respondents need to input their passwords six times or more for work every day. That friction and the cost of identity data breaches may be motivating organizations to change their authentication strategies: 61 percent of respondents expressed that their organization had plans to implement passwordless capabilities in the next year, rather than wait for phishing or other attacks to breach their defenses.
“If I take anything from the 2025 RSA ID IQ Report, it’s that cybersecurity and IAM experts are acting on identity security right now, making investments in AI and secure passwordless authentication both because the technology is ready and because the costs of waiting for an identity-related data breach to strike are too high to ignore,” said RSA CEO Rohit Ghai.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
