The weakest areas included Active Directory infrastructure and account security.
Security vulnerabilities in hybrid identity environments are proving difficult to manage, with organizations experiencing declining security performance.
According to the 2025 Purple Knight Report from Semperis, the average initial security score dropped from 72 to 61 out of 100 year-over-year, signalling growing gaps in defending platforms like Active Directory, Entra ID, and Okta.
Mid-sized organisations fared worst, averaging a score of 52, while government and retail sectors scored lowest among industries. The weakest areas included Active Directory infrastructure and account security.
"Hybrid identity environments are complex, and threat actors know it," said Sean Deuby, Principal Technologist at Semperis. However, organizations following Purple Knight's remediation guidance saw average improvements of 21 points, with some gaining up to 61 points.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
