31% of users in monitored SMB environments are exposed to compromised passwords each month.

Session hijacking incidents increased by 23% over a 180-day period.

89% of monitored SMBs have at least one user with confirmed credential compromise at any given time.

69% of healthcare and manufacturing security leaders demand identity-based controls in any modern solution.

Machine identities outnumber human users by 25:1 in Microsoft 365 environments.

Each compromised device yielded an average of 87 stolen credentials.

276 million of the credentials indexed in 2025 included active session cookies.

50% more credentials were identified in the second half of 2025 than in the first half of the year.

90% more credentials were identified in the last three months of 2025 than in the first three months

Over half of all credentials (53%) were indexed within one week of exfiltration, and 36.4% within 24 hours.

Of the 7 million credentials indexed with identifiable authorization URLs, 63.2% were tied to authentication systems.

3.3 billion compromised credentials and cloud tokens make identity the primary exploit vector.

21% of cybersecurity intrusions investigated involved actors leveraging stolen human and non-human identities for initial access.

Identity weaknesses play a material role in nearly 90% of investigated incidents.

40% of cybersecurity professionals in the United States reported that Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts in 2025.

At Infosecurity Europe, 18% of cybersecurity professionals reported fully implemented zero-trust frameworks in 2025.

61% of cybersecurity professionals in Germany identified deepfakes as the most significant identity-based threat in 2025.

43% of cybersecurity professionals in the United Kingdom reported that Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts in 2025.

16% of cybersecurity professionals in the United States reported that their organizations are fully prepared to handle AI-enhanced attacks in 2025.

50% of cybersecurity professionals in the United Kingdom identified phishing as the top identity-based threat in 2025.