Identity
We've curated 94 cybersecurity statistics about Identity to help you understand how identity theft, credential management, and authentication practices are evolving in 2025. Discover the trends and threats affecting how personal and organizational identities are secured!
Related Topics
Showing 1-20 of 94 results
31% of users in monitored SMB environments are exposed to compromised passwords each month.
Session hijacking incidents increased by 23% over a 180-day period.
89% of monitored SMBs have at least one user with confirmed credential compromise at any given time.
69% of healthcare and manufacturing security leaders demand identity-based controls in any modern solution.
Machine identities outnumber human users by 25:1 in Microsoft 365 environments.
Each compromised device yielded an average of 87 stolen credentials.
276 million of the credentials indexed in 2025 included active session cookies.
50% more credentials were identified in the second half of 2025 than in the first half of the year.
90% more credentials were identified in the last three months of 2025 than in the first three months
Over half of all credentials (53%) were indexed within one week of exfiltration, and 36.4% within 24 hours.
Of the 7 million credentials indexed with identifiable authorization URLs, 63.2% were tied to authentication systems.
3.3 billion compromised credentials and cloud tokens make identity the primary exploit vector.
21% of cybersecurity intrusions investigated involved actors leveraging stolen human and non-human identities for initial access.
Identity weaknesses play a material role in nearly 90% of investigated incidents.
40% of cybersecurity professionals in the United States reported that Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts in 2025.
At Infosecurity Europe, 18% of cybersecurity professionals reported fully implemented zero-trust frameworks in 2025.
61% of cybersecurity professionals in Germany identified deepfakes as the most significant identity-based threat in 2025.
43% of cybersecurity professionals in the United Kingdom reported that Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts in 2025.
16% of cybersecurity professionals in the United States reported that their organizations are fully prepared to handle AI-enhanced attacks in 2025.
50% of cybersecurity professionals in the United Kingdom identified phishing as the top identity-based threat in 2025.