Key findings from the 2026 report include:
- Identity breaches surge, driving escalating costs
- Help desk hijacks emerge as a major threat
- AI optimism is high, but passwordless progress stalls
BURLINGTON, Mass. – A new global report from RSA, the security-first identity leader, reveals that identity caused both more frequent and more expensive data breaches this year than last. Released today, the 2026 RSA ID IQ Report reveals critical insights from more than 2,100 cybersecurity, identity and access management (IAM), and IT professionals on how frequently identity fails organizations, the financial impacts their organizations suffered when it did, attitudes on AI’s cybersecurity potential, the factors limiting the growth of passwordless authentication, and more.
Key findings include:
- Identity breach frequency surged: 69% of organizations experienced an identity-related breach in the last three years, a 27-percentage-point increase year-over-year. That 64% relative increase suggests either a surge in successful identity attacks, better detection or reporting, or both. In either case, the report shows that the identity risk environment has become even more dangerous.
- Identity breach costs escalated: 45% of organizations said that the cost of an identity-related breach exceeded the typical cost of a breach as defined by IBM. Notably, 24% of organizations said costs exceeded $10M, a three-percentage-point year-over-year increase since the previous year’s survey.
- IT Help Desk bypass and social engineering attacks are a top threat: Following high-profile breaches at MGM Resorts, Caesars Entertainment Group, and Marks & Spencer that originated at organizations’ IT help desks, 65% of organizations are seriously concerned about a similar attack, and 51% consider service desk bypass attacks their most significant risk
- Passwordless adoption faces hurdles: 90% of organizations reported challenges in moving toward passwordless authentication. This struggle is reflected in user behavior, as 57% still don’t use passwordless as their primary authentication method.
- Cybersecurity’s AI optimism & adoption: The cybersecurity sector is largely optimistic about AI, with 83% expecting it to benefit cybersecurity more than it will benefit cybercrime in the next three years. This optimism translates into action: 91% of organizations plan to implement AI in their tech stack this year, marking a 12-percentage-point increase year-over-year.
“The 2026 RSA ID IQ Report underscores that identity simply fails too many organizations too often,” said RSA CEO Greg Nelson. “The likelihood of a breach—and the cost of inaction—are too high for leaders to tolerate the status quo. Instead, these new findings should urge organizations to act quickly to keep themselves secure.”
“Identity-related breaches exploded in 2026, jumping from impacting 42% of organizations to 69% in just one year, with help desk social engineering emerging as a major new attack vector,” said RSA Chief Marketing and Growth Officer Laura Marx. “It’s urgent that leaders use this data to assess their identity capabilities and prioritize the actions to stay safe.”
Greg Nelson, Laura Marx, and RSA President, Chief Strategy Officer Jim Taylor will detail key findings and takeaways from the 2026 RSA ID IQ Report during live webinars on November 12 and 13.
Resources:
Download the 2026 RSA ID IQ Report
Download the 2026 RSA ID IQ Report Infographic
Register for the webinar now at any of the following times:
About RSA:
RSA provides mission-critical cybersecurity solutions that protect the world’s most security-sensitive organizations. The RSA Unified Identity Platform provides true passwordless identity security, risk-based access, automated identity intelligence, and comprehensive identity governance across cloud, hybrid, and on-premises environments. More than 9,000 high-security organizations trust RSA to manage more than 60 million identities, detect threats, secure access, and enable compliance. For additional information, visit our website to contact sales, find a partner, or learn more about RSA.
Contacts
