AI jeopardizes and protects identities - at the same time
Artificial intelligence is a double-edged sword - as shown by the new Cisco DUO study "2025 State of Identity Security", for which 325 IT and security managers in Europe were surveyed.
The key finding of the DUO study: AI-based phishing is one of the biggest threats to identities in 2025, according to 34 % of the executives surveyed. At the same time, however, AI is also modernizing identity protection. 87 % of companies in Europe are introducing appropriate security solutions in their corporate networks to ward off AI-based attacks.
Significant risks for identity security
Although executives understand the importance of identity security, there are major gaps in terms of trust and implementation. According to the study, only a third (34 %) of European executives believe that their current identity provider (IdP) can prevent attacks on identities. This is partly due to complex systems and a lack of transparency regarding potential vulnerabilities.
A full 96 % of executives say that a complex identity infrastructure compromises their overall security. In addition, 88 % admit that they do not have a complete overview of the identity risks in their company. No wonder: on average, IT and security teams use five tools to solve an identity problem.
The consequences can be costly. Almost half (48 %) of decision-makers report financial losses due to identity theft. In response to this risk, 76 % have already increased their investment in identity security for 2025.
Constant phishing and MFA gaps
This is particularly important given the constant threat of phishing, which requires the comprehensive implementation of multi-factor authentication (MFA). However, while 88 % of executives believe that phishing-resistant MFA is critical to their security, only 32 % are confident in their phishing controls.
Nevertheless, 42 % of European companies have already introduced FIDO2 tokens for phishing-resistant MFA. The hardware tokens in accordance with the standards of the FIDO Alliance (Fast IDentity Online) are connected to a computer as a USB stick, for example, and offer a high level of security as the private key remains on the device. However, these tokens are often reserved for privileged users due to the cost of management (59 %), hardware costs (47 %) and additional training (44 %). At least 52 % of managers want to introduce passwordless access, but expect implementation to be challenging.
70% want to consolidate providers - also to improve real-time transparency
In general, there are a number of hurdles when it comes to securing identities. For example, a significant 80 % of IT leaders admit that identity security solutions are added as an afterthought to infrastructure planning rather than integrated from the outset. This can lead to additional costs, complexity and impaired transparency. To improve this, 70 % of teams are actively looking at consolidating vendors.
In addition, real-time visibility into the behavior of identities and devices is necessary for security and IT teams to make informed decisions. After all, 53 % of companies currently have fully integrated identity and device telemetry.
"Companies need modern identity solutions that prioritize security without compromising user-friendliness," summarizes Christopher Tighe, General Manager at Cisco Switzerland. "Only a security-oriented IAM - identity and access management - in the corporate network guarantees strong identity protection against AI attacks."
