Identity Threats on the Rise: RSA ID IQ Report Highlights Surging Breaches, Help Desk Hijacks, and Passwordless Challenges
A new global report from RSA, a leader in security-first identity solutions, has unveiled alarming trends in the state of identity-related cybersecurity threats. The 2026 RSA ID IQ Report, released today, provides critical insights from over 2,100 cybersecurity, identity and access management (IAM), and IT professionals worldwide. The findings paint a concerning picture of escalating identity breaches, soaring costs, and emerging vulnerabilities, while also shedding light on the challenges of adopting passwordless authentication and the growing optimism around artificial intelligence (AI) in cybersecurity.
Identity Breaches Surge, Driving Escalating Costs
One of the most striking revelations from the report is the dramatic increase in identity-related breaches. A staggering 69% of organizations reported experiencing an identity-related breach in the last three years—a 27-percentage-point increase year-over-year. This represents a 64% relative increase, signaling that identity risks are becoming more pervasive and dangerous. Whether due to a surge in successful attacks, improved detection capabilities, or better reporting, the data underscores a heightened threat environment.
The financial toll of these breaches is equally alarming. According to the report, 45% of organizations said that the cost of an identity-related breach exceeded the typical breach cost outlined in IBM’s annual data breach report. Even more concerning, 24% of organizations reported breach costs exceeding $10 million—a three-percentage-point increase compared to the previous year. These figures highlight not only the frequency but also the severity of identity-related incidents, making them a top concern for businesses worldwide.
Help Desk Hijacks Emerge as a Major Threat
Another significant finding from the report is the rise of IT help desk hijacks as a major attack vector. High-profile breaches at companies like MGM Resorts, Caesars Entertainment Group, and Marks & Spencer have demonstrated how attackers exploit vulnerabilities in help desk operations to gain unauthorized access to sensitive systems.
The report reveals that 65% of organizations are seriously concerned about falling victim to a similar attack, while 51% consider service desk bypass attacks their most significant risk. These statistics underscore the urgent need for organizations to strengthen their help desk security protocols and implement robust verification mechanisms to prevent social engineering exploits.
“Help desk social engineering has emerged as a major new attack vector,” said Laura Marx, RSA’s Chief Marketing and Growth Officer. “It’s urgent that leaders use this data to assess their identity capabilities and prioritize actions to stay safe.”
Passwordless Adoption Faces Hurdles
Despite growing awareness of the vulnerabilities associated with traditional passwords, the adoption of passwordless authentication remains sluggish. The report highlights that 90% of organizations face challenges in transitioning to passwordless systems, citing factors such as user resistance, technical complexity, and integration issues.
This struggle is evident in user behavior, with 57% of organizations still relying on passwords as their primary authentication method. While the industry recognizes the benefits of passwordless solutions—such as enhanced security and improved user experience—the slow progress underscores the need for greater investment in education, infrastructure, and support to accelerate adoption.
Cybersecurity’s AI Optimism and Adoption
Amid the challenges, there is a bright spot: widespread optimism about the role of AI in cybersecurity. The report shows that 83% of organizations believe AI will benefit cybersecurity more than it will benefit cybercrime over the next three years. This confidence is translating into action, with 91% of organizations planning to implement AI in their tech stack this year—a 12-percentage-point increase compared to the previous year.
AI’s potential to enhance threat detection, streamline incident response, and improve overall security posture is driving this enthusiasm. However, the report also serves as a reminder that while AI holds great promise, its effective implementation requires careful planning and oversight to ensure it delivers on its potential without introducing new risks.
A Call to Action for Organizations
The findings from the 2026 RSA ID IQ Report underscore the urgent need for organizations to reassess and strengthen their identity security strategies. “Identity simply fails too many organizations too often,” said Greg Nelson, CEO of RSA. “The likelihood of a breach—and the cost of inaction—are too high for leaders to tolerate the status quo. Instead, these new findings should urge organizations to act quickly to keep themselves secure.”
RSA executives, including Greg Nelson, Laura Marx, and Jim Taylor, RSA’s President and Chief Strategy Officer, will delve deeper into the report’s key findings during live webinars scheduled for November 12 and 13. These sessions will provide valuable insights and actionable recommendations for organizations looking to bolster their defenses against identity-related threats.
Key Takeaways and Resources
The 2026 RSA ID IQ Report offers a sobering yet invaluable look at the current state of identity security. With identity breaches surging, help desk hijacks emerging as a top threat, and passwordless adoption lagging, organizations must take decisive action to protect themselves. At the same time, the optimism surrounding AI presents an opportunity to leverage cutting-edge technology in the fight against cybercrime.
To learn more, download the full report and infographic, and register for the upcoming webinars:
- Download the 2026 RSA ID IQ Report
- Download the 2026 RSA ID IQ Report Infographic
- Register for the webinar:
- EMEA – November 12, 1 PM GMT
- AMER – November 12, 2 PM ET
- APJ – November 13, 12:30 PM SGT
As the digital landscape continues to evolve, staying ahead of identity threats will require vigilance, innovation, and collaboration. The 2026 RSA ID IQ Report serves as both a wake-up call and a roadmap for organizations striving to safeguard their assets and maintain trust in an increasingly interconnected world.
About RSA:
RSA provides mission-critical cybersecurity solutions that protect the world’s most security-sensitive organizations. The RSA Unified Identity Platform provides true passwordless identity security, risk-based access, automated identity intelligence, and comprehensive identity governance across cloud, hybrid, and on-premises environments. More than 9,000 high-security organizations trust RSA to manage more than 60 million identities, detect threats, secure access, and enable compliance. For additional information, visit our website to contact sales, find a partner, or learn more about RSA.
