Valid accounts with missing or lax multi-factor authentication (MFA) accounted for 43.9% of all incident response investigations by Rapid7 in 2025, making it the single most common initial access vector.
Valid accounts with missing or lax multi-factor authentication (MFA) accounted for 43.9% of all incident response investigations by Rapid7 in 2025, making it the single most common initial access vector. — This cybersecurity statistic was published by 2026 Global Threat Landscape Report in May 2026. It covers topics including Valid Accounts, MFA, Initial Access Vector. The original data appears in Rapid7. For the full methodology and detailed findings, refer to the original report.
Share or Copy this stat
Frequently Asked Questions
What does this statistic say?
Valid accounts with missing or lax multi-factor authentication (MFA) accounted for 43.9% of all incident response investigations by Rapid7 in 2025, making it the single most common initial access vector. This data was published by 2026 Global Threat Landscape Report and covers Valid Accounts, MFA, Initial Access Vector.
Where does this data come from?
This statistic comes from Rapid7, published by 2026 Global Threat Landscape Report on May 27, 2026. You can view the original report at https://www.rapid7.com/research/report/global-threat-landscape-report-2026/.
What cybersecurity topics does this cover?
This statistic relates to Valid Accounts, MFA, Initial Access Vector. Browse more statistics on Valid Accounts or from 2026 Global Threat Landscape Report .