New Study Reveals Only 49% of Organizations Proactively Invest in Identity Protection Prior to a Security Incident

With 90% of Organizations Reporting an Identity-Related Breach in the Last 12 Months, the Identity Defined Security Alliance Provides Insights to Help Reduce Risk

DENVERMay 30, 2023 /PRNewswire/ — The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, today unveiled its 2023 Trends in Identity Security report, based on an online survey of over 500 identity and security professionals. This report provides a deep dive into the progress organizations are making in defending against the rapid increase in cyberattacks and the approaches large companies are taking toward security and identity.

Identity-related incidents continue to plague organizations with an alarming 90% reporting one in the last 12 months, a 6% increase from last year’s report. As identities continue to significantly grow, identity stakeholders are faced with an increasing number of barriers without the needed support from leadership. A staggering 49% report that their leadership teams understand identity and security risks and proactively invest in protection before suffering an incident, while 29% only engage and support after an incident.

“As cloud adoption, remote work, mobile device usage, and third-party relationships drive up the number of identities, more and more organizations are suffering from identity-related incidents,” said Jeff Reich, Executive Director, IDSA. “Protecting digital identities has never been more important in the fight against increasingly savvy cyberattacks. And while managing and securing identities continues to be called out as a top priority by organizations, meaningful shifts in proactive investment and leadership are necessary to reduce risk.”

Protecting digital identities has never been more crucial as cyberattacks rapidly increase in sophistication and volume. Organizations need to ensure only the right people have access to the right data, networks, and systems and that they use technologies effective at preventing malicious actors from gaining access to sensitive information. The research finds that as the number of identities increases, more businesses are suffering identity-related incidents and are prioritizing securing them as a critical priority. Securing these identities remains a significant challenge for most organizations and security outcomes are a work in progress.

Key Research Findings:

Number of barriers and a lack of proactive investment from leadership presents biggest challenge

  • Top two barriers for security teams are identity frameworks being complicated by multiple vendors and different architectures (40%) and complex technology environments (39%)
  • Respondents also identified insufficient budget (30%), a lack of expertise (29%), standards (26%), people (25%), and governance (23%) as barriers
  • Only 49% of identity stakeholders said their leadership teams understand identity and security risks and proactively invest in protection prior to an incident

Identity growth continues, making identity a top security priority

  • 55% report that the adoption of more cloud applications is the main reason for an increase in the number of identities
  • Other critical factors driving identity growth were identified as the rises in remote work (50%), mobile device usage (44%) and third- party relationships (41%)
  • 86% of respondents say managing and securing identity is one of the top five priorities of their security program

2023 trends are impacting identity security

  • 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security
  • 98% of respondents report AI/ML will be beneficial in addressing identity-related challenges, with 63% stating the number one use case is identifying outlier behaviors
  •  Social media is a key concern for businesses, with 90% saying they were slightly or very worried about employees using corporate credentials for their social media accounts

Investments in security outcomes improving, but still a work in progress

  • 96% of identity stakeholders said that security outcomes could have lessened the business impact of incidents
  • 42% of respondents said implementing MFA for all users could have prevented or minimized the effect of incidents, followed by timely reviews of access to sensitive data (40%) and privileged access (34%)
  • 97% reported that they are planning to further invest in security outcomes in the next 12 months

Identity Defined Security Alliance Resources
The Identity Defined Security Framework, collaboratively developed by leading vendors, solution providers and practitioners, provides vendor-neutral best practices and security outcomes for improving the security of digital identities. According to the report, 96% of organizations believe that the IDSA’s Identity Defined Security Outcomes may have prevented or minimized the impact of the breaches they suffered. Included with each Identity Defined Security Outcome are vendor-neutral implementation approaches, which are well-defined patterns that combine identity and security capabilities. To view the full library of outcomes, visit

To download the full report, visit

Identiverse 2023
Join panelists from Target, Comcast, Intuit, Dimensional Research and the IDSA as they discuss the 2023 Trends in Securing Digital Identities on Tuesday, May 30 from 2:30 pm – 3:20 pm PT. To learn more about IDSA and the Identity Defined Security Framework, please visit booth #1008.

Survey Methodology
Dimensional Research conducted an independent online survey of IT security and identity professionals in the United States. A total of 529 qualified individuals completed the survey. A variety of questions were asked on history with identities and security, current plans, and other topics. Certain questions were repeated from similar surveys conducted in 2021 and 2022 to enable trend analysis. All are directly responsible for IT security or identities at a company with more than 1,000 employees and are very knowledgeable about both IT security and identities.

About the Identity Defined Security Alliance
The IDSA is a group of identity and security vendors, solution providers, and practitioners that acts as an independent source of thought leadership, expertise, and practical guidance on identity-centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices, and resources. For more information on the Identity Security Alliance and how to become a member, visit

Follow the IDSA:
Join the Community:

Media Contact:
Angelique Faul
Silver Jacket Communications



Let's work together to help everyone become more secure.