Identity assurance company HYPR released its 2024 State of Passwordless Identity Assurance report. This fourth annual edition unveils the persistent trend of credential misuse and authentication weaknesses as primary drivers of breaches, costing victim organizations an average of $5.48 million over the past year.
In response is a resounding call for identity-first security strategies that prioritize passwordless adoption and frictionless identity verification. Interestingly, 75 percent of respondents expect AI to combat cybercriminals, despite 60 percent naming AI-powered threats as their biggest identity security concern.
The report, conducted by HYPR and Vanson Bourne, derives insight from 750 IT security decision makers, representing a cross-section of industries in the U.S., U.K., France, Germany, Asia-Pacific and Japan. The findings arrive as organizations scramble to bolster defenses amidst a relentless wave of credential-based attacks, with 91 percent claiming credential misuse or authentication weakness as the breach’s cause (from 2022’s 82 percent).
Despite these figures, 99 percent remain tethered to legacy authentication methods.
“The gap between evolving threats and outdated identity models undermines global security and business growth,” said HYPR CEO and co-founder, Bojan Simic. “While teams scramble to outpace the rate of credential-based attacks, the solution lies in a fundamental shift towards deterministic identity controls – that is phishing-resistant authentication, continuous verification and risk detection and mitigation. A holistic framework built on these principles not only closes legacy loopholes exploited by attackers, but also streamlines processes, boosts operational efficiency and ensures compliance.”
The trend of credential attacks shows no signs of slowing, with high-profile breaches within the healthcare, financial and telco industries already casting a long shadow over 2024. Data reveals that in 2023, 78 percent of organizations suffered an identity-related cyberattack. Drivers included:
- Phishing attacks (39 percent), identity impersonation (28 percent) and push notification exploits (26 percent).
- 69 percent breached via authentication processes.
- 78 percent experiencing identity fraud, with over half falling victim multiple times, each costing an average of $2.78 million.
Additionally, 67 percent deployed new identity tools or changed their authentication methods following a breach, while 33 percent neglected to act. Contradictorily, 89 percent believe that passwordless provides the highest level of security, despite 53 percent clinging to traditional methods. To add to the complexity, organizations are grappling with the paradoxical nature of AI — three-quarters view it as essential armor against cyberattacks, while six in ten see it as a powerful new weapon for adversaries.
41% percent intend to adopt or continue to use passwordless authentication over the next 1-3 years.
97 percent of those who plan to use passwordless will incorporate passkeys.
43 percent of respondents plan to incorporate the technology.
49 percent are likely to expand employee training programs with the goal to reduce human-led authentication errors.
For HYPR’s partner program, click here.
