Cisco has released its 2025 State of Identity Security report, highlighting how organizations and IT Security leaders are adapting to rising cyber threats. Based on insights from 650 global executives, the study shows that 85% of companies now prioritize identity security to counter AI-driven attacks. In the UAE, this aligns with the nation’s digital transformation goals, supported by initiatives like the National Cybersecurity Strategy to secure data and systems.
Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, says, “Identity has become the new frontline of cybersecurity. As AI-powered threats accelerate, organizations can no longer rely on fragmented tools and outdated practices. A security-first identity strategy is now essential to protect data, build trust, and enable innovation in an increasingly digital world. At Cisco, we are addressing this challenge head-on through innovations in zero trust, passwordless authentication, and identity threat detection to help organizations strengthen their defenses with speed and confidence.”
Managing access – who, where, and on which device – is a strategic imperative. Cisco’s study reveals that despite recognizing its importance, leaders face significant gaps in confidence and execution, leaving organizations vulnerable.
Facing complexity and a confidence crisis
As identity threats continue to rise and security gaps widen, leaders are facing mounting pressure to protect their organizations. Only 33% are confident that their current identity provider (IdP) can prevent attacks, largely due to complex systems and limited visibility into vulnerabilities, highlighting the urgent need for modern identity security solutions.
A significant 94% of leaders believe identity infrastructure complexity undermines security, while 75% lack a clear understanding of identity-related risks. Over half (51%) of organizations have experienced financial losses from breaches, prompting 82% of financial decision-makers to increase investments in identity security for 2025, demonstrating a strong commitment to addressing vulnerabilities.
AI’s double-edged sword: Threat and catalyst for modernization
AI brings both challenges and opportunities to identity security. AI-powered phishing, cited by 44% of leaders, is a top threat for 2025, alongside insider threats and supply chain attacks.
With 85% of companies adopting security-first practices, organizations are leveraging AI to tackle vulnerabilities and utilize its data-processing power as a defense mechanism.
Persistent phishing threats and MFA gaps
Phishing remains a persistent challenge, highlighting the urgent need for stronger authentication measures and broader adoption of multi-factor authentication (MFA). While 87% of leaders consider phishing-resistant MFA a critical component of their security strategies, only 30% express high confidence in their phishing defenses.
Despite its importance, foundational MFA protections are inconsistently applied. Key drivers of identity breaches include weak or absent MFA (36%), coverage gaps (34%), and failures of one-time passcodes (29%).
A need for security-first IAM
Organizations face challenges but also opportunities to strengthen their defenses. 74% of IT leaders admit that identity security is frequently overlooked during initial infrastructure planning. This reactive approach leads to higher costs, increased complexity, and reduced visibility, hindering effective security management. To address tool sprawl and complexity, 79% are now exploring vendor consolidation to enhance visibility.
Only 52% of organizations have fully integrated identity and device telemetry, limiting real-time insights for security teams. Contractor and third-party access remain weak points, with 86% acknowledging gaps in controls. While 87% recognize the importance of identity threat detection and response, only 32% have deployed Identity Security Posture Management (ISPM) solutions, underscoring a critical gap in identity security practices.
The 2025 State of Identity Security report underscores the urgent need for organizations to prioritize robust, security-first identity practices in response to the growing complexity of threats. By addressing gaps in confidence, execution, and infrastructure, businesses can not only protect against AI-driven threats but also foster trust and enable innovation in an increasingly digital world.
