Header image

Identity-Based Data Breaches Often Rated as 'Severe'

Half of users also have to input their passwords six times or more for work every day.

Around two-thirds of those who have experienced an ‘identity-related’ data breach have classified it as a severe event that affected their organization.

According to the 2025 RSA ID IQ Report, released this week, responses from more than 2,000 cybersecurity, identity and access management (IAM), and tech professionals from 62 countries, found 44 percent of respondents estimated that the total costs of identity-related data breaches exceeded the cost of a typical data breach.

The survey found that 51 percent of respondents need to input their passwords six times or more for work every day. That friction and the cost of identity data breaches may be motivating organizations to change their authentication strategies: 61 percent of respondents expressed that their organization had plans to implement passwordless capabilities in the next year, rather than wait for phishing or other attacks to breach their defenses.

“If I take anything from the 2025 RSA ID IQ Report, it’s that cybersecurity and IAM experts are acting on identity security right now, making investments in AI and secure passwordless authentication both because the technology is ready and because the costs of waiting for an identity-related data breach to strike are too high to ignore,” said RSA CEO Rohit Ghai.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.