AI jeopardizes and protects identities - at the same time

Artificial intelligence is a double-edged sword - as shown by the new Cisco DUO study "2025 State of Identity Security", for which 325 IT and security managers in Europe were surveyed.

Only a third of the managers surveyed believe that protection against identity attacks is high enough. (Graphic: Cisco)

The key finding of the DUO study: AI-based phishing is one of the biggest threats to identities in 2025, according to 34 % of the executives surveyed. At the same time, however, AI is also modernizing identity protection. 87 % of companies in Europe are introducing appropriate security solutions in their corporate networks to ward off AI-based attacks. 

Significant risks for identity security

Although executives understand the importance of identity security, there are major gaps in terms of trust and implementation. According to the study, only a third (34 %) of European executives believe that their current identity provider (IdP) can prevent attacks on identities. This is partly due to complex systems and a lack of transparency regarding potential vulnerabilities.

A full 96 % of executives say that a complex identity infrastructure compromises their overall security. In addition, 88 % admit that they do not have a complete overview of the identity risks in their company. No wonder: on average, IT and security teams use five tools to solve an identity problem.

The consequences can be costly. Almost half (48 %) of decision-makers report financial losses due to identity theft. In response to this risk, 76 % have already increased their investment in identity security for 2025.

Constant phishing and MFA gaps

This is particularly important given the constant threat of phishing, which requires the comprehensive implementation of multi-factor authentication (MFA). However, while 88 % of executives believe that phishing-resistant MFA is critical to their security, only 32 % are confident in their phishing controls.

Nevertheless, 42 % of European companies have already introduced FIDO2 tokens for phishing-resistant MFA. The hardware tokens in accordance with the standards of the FIDO Alliance (Fast IDentity Online) are connected to a computer as a USB stick, for example, and offer a high level of security as the private key remains on the device. However, these tokens are often reserved for privileged users due to the cost of management (59 %), hardware costs (47 %) and additional training (44 %). At least 52 % of managers want to introduce passwordless access, but expect implementation to be challenging.

70% want to consolidate providers - also to improve real-time transparency

In general, there are a number of hurdles when it comes to securing identities. For example, a significant 80 % of IT leaders admit that identity security solutions are added as an afterthought to infrastructure planning rather than integrated from the outset. This can lead to additional costs, complexity and impaired transparency. To improve this, 70 % of teams are actively looking at consolidating vendors.

In addition, real-time visibility into the behavior of identities and devices is necessary for security and IT teams to make informed decisions. After all, 53 % of companies currently have fully integrated identity and device telemetry.

"Companies need modern identity solutions that prioritize security without compromising user-friendliness," summarizes Christopher Tighe, General Manager at Cisco Switzerland. "Only a security-oriented IAM - identity and access management - in the corporate network guarantees strong identity protection against AI attacks."

(Visited 171 times, 1 visits today)

More articles on the topic