51% of IT leaders say employees don’t take security seriously.

36% of IT admins cite difficulty tracking employee progress toward more secure practices.

45% of IT leaders advocate for regular security training to instil robust password habits and awareness among employees

66% of organisations that do not alert employees to update at-risk credentials say they lack the tools or resources to do so effectively.

44% of IT admins say employees struggle with knowing how to change their passwords.

60% of IT managers report their strategies for quickly updating at-risk credentials to be only somewhat effective or completely ineffective.

68% of IT managers say employee motivation is the biggest challenge in remediating at-risk credentials.

46% of IT leaders suggest that simplified workflows for non-technical users would facilitate easier and timelier password updates.

67% of IT admins cite credential access management as being very important.

42% of IT admins rely on email notifications for employees to update credentials.

Only 33% of IT managers reveal that they are currently able to take a proactive approach to credential security.

36% of IT admins rely on direct conversations for employees to update credentials.

48% of organisations report ineffective password health monitoring.

Employees take an average of nine days to update weak or compromised credentials.

23% of SMBs use easily hackable passwords with a pet’s name, a series of numbers, or a family member’s name.

Based on Cloudflare's observed traffic between September - November 2024, 41% of successful logins across websites protected by Cloudflare involve compromised passwords.

Approximately 41% of successful human authentication attempts involve leaked credentials.

95% of login attempts involving leaked passwords are coming from bots.

59% of human traffic is clean from leaked credentials against 41% with leaked passwords.

Only 5% of leaked password login attempts result in access being denied. 90% of these denied requests are bot-driven. The remaining 19% of login attempts fall under other outcomes, such as timeouts or users who changed their passwords