Cisco Duo Report: 4 Identity Security Takes Center Stage in 2025

Manal Saleh

Cisco’s latest survey reveals that 85% of companies are adopting security-first identity practices as AI-driven threats and growing complexity reshape the cybersecurity landscape.

Riyadh, Saudi Arabia – September 16th, 2025 – Cisco has released its 2025 State of Identity Security report, which explores the challenges and strategies IT and security leaders are adopting to navigate an increasingly complex threat landscape. Based on insights from 650 executives worldwide, the study finds that 85% of organizations are now taking a security-first approach to identity in order to counter AI-driven threats.

In Saudi Arabia, digital transformation is a national priority as outlined in Vision 2030, with cybersecurity playing a pivotal role in safeguarding this progress. Initiatives such as the National Cybersecurity Authority (NCA) and its Essential Cybersecurity Controls (ECC) framework and other inititatives exemplify Saudi Arabia’s commitment to implementing robust security standards across both public and private sectors.

Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, says, “Identity has become the new frontline of cybersecurity. As AI-powered threats accelerate, organizations can no longer rely on fragmented tools and outdated practices. A security-first identity strategy is now essential to protect data, build trust, and enable innovation in an increasingly digital world. At Cisco, we are addressing this challenge head-on through innovations in zero trust, passwordless authentication, and identity threat detection to help organizations strengthen their defenses with speed and confidence.”

Managing access – who, where, and on which device - is a strategic imperative. Cisco’s study reveals that despite recognizing its importance, leaders face significant gaps in confidence and execution, leaving organizations vulnerable.

Facing complexity and a confidence crisis

As identity threats continue to rise and security gaps widen, leaders are facing mounting pressure to protect their organizations. Only 33% are confident that their current identity provider (IdP) can prevent attacks, largely due to complex systems and limited visibility into vulnerabilities, highlighting the urgent need for modern identity security solutions.

A significant 94% of leaders believe identity infrastructure complexity undermines security, while 75% lack a clear understanding of identity-related risks. Over half (51%) of organizations have experienced financial losses from breaches, prompting 82% of financial decision-makers to increase investments in identity security for 2025, demonstrating a strong commitment to addressing vulnerabilities.

AI's double-edged sword: Threat and catalyst for modernization

Artificial intelligence (AI) brings both challenges and opportunities to identity security. AI-powered phishing, cited by 44% of leaders, is a top threat for 2025, alongside insider threats and supply chain attacks.

With 85% of companies adopting security-first practices, organizations are leveraging AI to tackle vulnerabilities and utilize its data-processing power as a defense mechanism.

Persistent phishing threats and MFA gaps

Phishing remains a persistent challenge, highlighting the urgent need for stronger authentication measures and broader adoption of multi-factor authentication (MFA). While 87% of leaders consider phishing-resistant MFA a critical component of their security strategies, only 30% express high confidence in their phishing defenses.

Despite its importance, foundational MFA protections are inconsistently applied. Key drivers of identity breaches include weak or absent MFA (36%), coverage gaps (34%), and failures of one-time passcodes (29%).

A need for security-first IAM

Organizations face challenges but also opportunities to strengthen their defenses. 74% of IT leaders admit that identity security is frequently overlooked during initial infrastructure planning. This reactive approach leads to higher costs, increased complexity, and reduced visibility, hindering effective security management. To address tool sprawl and complexity, 79% are now exploring vendor consolidation to enhance visibility.

Only 52% of organizations have fully integrated identity and device telemetry, limiting real-time insights for security teams. Contractor and third-party access remain weak points, with 86% acknowledging gaps in controls. While 87% recognize the importance of identity threat detection and response, only 32% have deployed Identity Security Posture Management (ISPM) solutions, underscoring a critical gap in identity security practices.

The 2025 State of Identity Security report underscores the urgent need for organizations to prioritize robust, security-first identity practices in response to the growing complexity of threats. By addressing gaps in confidence, execution, and infrastructure, businesses can not only protect against AI-driven threats but also foster trust and enable innovation in an increasingly digital world.

The complete global study can be found here.
Infographics on the global figures can be found here.