Identity-related breaches are becoming both more frequent and more costly, a new report has found.
The 2026 RSA ID IQ Report draws on insights from 2120 global experts in cybersecurity, IT, and Identity and Access Management (IAM) to examine a range of factors including breach frequency, financial impacts, AI adoption, passwordless progress.
“The 2026 RSA ID IQ Report makes it clear that there are major concerns with most organizations’ identity security. Identity simply fails too many organizations too often.” said RSA CEO Greg Nelson. “The likelihood of a breach—and the cost of inaction—are too high for leaders to tolerate the status quo.”
Identity Breach Frequency and Cost Surge
RSA’s research shows a sharp increase in identity breaches, with 69% of organizations experiencing a breach in the last three years. In addition to becoming more common, identity breaches proved significantly more damaging. Organizations faced steeper recovery expenses, broader operational fallout, and heightened reputational risks.
Nearly half of organizations (45%) reported that identity-related breaches exceeded the typical cost of a breach, as defined by IBM. Meanwhile, 24% said losses topped $10 million, representing a 3% increase from the previous year’s findings.
That surge in cost is concerning, particularly when we compare it with the global cost of a data breach reported in the IBM Cost of a Data Breach Report 2025, which was $4.44. Clearly, failing to secure identities has the potential to be a very costly mistake.
Help Desk Attacks Gain Attention
IT help desk hijacks and social engineering are now seen as major threats. Following high-profile breaches at MGM Resorts, Caesars Entertainment Group, and Marks & Spencer that began at service desks, 65% of organizations expressed serious concern that their IT help desk or service desk would be ill equipped to deal with a social engineering attack, and 51% consider service desk bypasses their most significant risk.
Passwordless Adoption Remains Challenging
Despite the industry wide push toward passwordless authentication, adoption continues to lag behind. Findings from the report show that 90% of organizations have experienced difficulties in shifting to passwordless systems, and 57% of users still do not rely on passwordless as their primary authentication method.
AI Optimism and Integration
Cybersecurity professionals optimism about AI’s potential has gone up, with 83% expecting AI to benefit defenders more than cybercriminals. This optimism is reflected in organization’s plans for implementation, with 91% of them intending to integrate AI into their technology stacks in 2026, marking a 12-percentage-point increase from the prior year.
“Identity-related breaches exploded in 2026, jumping from impacting 42% of organizations to 69% in just one year, with help desk social engineering emerging as a major new attack vector,” said RSA Chief Marketing and Growth Officer Laura Marx. “It’s urgent that leaders use this data to assess their identity capabilities and prioritize the actions to stay safe.”
