Artificial intelligence (AI) is a double-edged sword.

This is the conclusion of a new Cisco Duo report, “2025 State of Identity Security,” which surveyed 650 IT and security managers across Europe and North Africa.

According to 44% of executives polled, AI-based phishing will be one of the biggest threats to identities in 2025. At the same time, however, AI is also modernising identity protection.

Eighty-five percent of companies are introducing appropriate security solutions into their corporate networks to block AI-based attacks.

Significant risks to identity security

Although executives recognise the importance of identity security, there are major gaps in confidence and execution. According to the report, only a third (33%) of executives believe that their current identity provider (IdP) can prevent attacks on identities. This is due, among other things, to complex systems and a lack of transparency regarding potential vulnerabilities.

A significant 94% of executives say that a complex identity infrastructure compromises their overall security. In addition, 69% admit that they do not have a complete overview of the identity risks in their company. No wonder: on average, IT and security teams use roughly five tools to solve an identity problem.

The consequences can be costly. About half (51%) of decision-makers report financial losses due to identity theft. In response to this threat, 82% have already increased their investment in identity security for 2025.

Constant phishing and MFA gaps

This is particularly important given the constant threat of phishing, which requires the comprehensive implementation of multi-factor authentication (MFA). But while 87% of executives believe that phishing-resistant MFA is critical to their security, only 30% are confident in their phishing controls.

Nevertheless, 19% of companies have already introduced FIDO2 tokens for phishing-resistant MFA. Hardware tokens that comply with the standards of the FIDO Alliance (Fast IDentity Online) connect to a computer, for example as a USB stick, and offer a high level of security because the private key remains on the token.

However, these tokens are often reserved for privileged users due to the effort involved in management (57%), hardware costs (47%), and additional training (53%). Still, 61% of executives want to introduce passwordless access but anticipate challenges in implementation.

Provider consolidation and improved real-time transparency

There are a number of hurdles when it comes to securing identities. A remarkable 74% of IT executives admit that identity security solutions are added to infrastructure planning as an afterthought, rather than being integrated from the beginning. This can lead to additional costs, complexity, and impaired transparency. To improve this, 79% of teams are actively considering consolidating providers.

In addition, security and IT teams need real-time visibility into identity and device behavior to make informed decisions. To date, 52% of companies have fully integrated identity and device telemetry.

“Companies need modern identity solutions that prioritise security without compromising user experience,” summarises Nabeel Rajab, technical solutions architect at Cisco. “Only security-oriented IAM – Identity and Access Management – in the corporate network ensures strong identity protection against AI attacks.”

The 2025 State of Identity Security: Challenges and Strategies from IT and Security Leaders report was created by Cisco Duo. Duo and Cisco Identity Intelligence help global teams make sense of the complex identity landscape by offering simplified security-first identity management, frictionless phishing-resistant MFA, and unified identity telemetry.