Key findings from the 2026 report include:

• Identity breaches surge, driving escalating costs
• Help desk hijacks emerge as a major threat
• AI optimism is high, but passwordless progress stalls

LONDON: A new global report from RSA, the security-first identity leader, reveals that identity caused both more frequent and more expensive data breaches this year than last. The 2026 RSA ID IQ Report reveals critical insights from more than 2,100 cybersecurity, identity and access management (IAM), and IT professionals on how frequently identity failed organisations, the financial impacts their organisations suffered when it did, attitudes on AI’s cybersecurity potential, the factors limiting the growth of passwordless authentication, and more. The report also details key differences that set British organisations apart from the rest of the world.

Key findings include:

• Identity breach frequency surged: 69% of global organisations experienced an identity-related breach in the last three years, a 27-percentage-point increase year-over-year. That 64% relative increase suggests either a surge in successful identity attacks, better detection or reporting, or both. In either case, the report shows that the identity risk environment has become even more dangerous.
• The UK reported the most significant harm resulting from identity-related breaches, with 47% of British respondents saying identity breaches caused their organisation major harm.
• Identity breach costs escalated: 45% of global organisations said that the cost of an identity-related breach exceeded the typical cost of a breach as defined by IBM. Notably, 24% of organisations said costs exceeded $10M, a three-percentage-point year-over-year increase since the previous year’s survey.
• IT Help Desk bypass and social engineering attacks are a top threat: Following high-profile breaches at Marks & Spencer, Co-Op, MGM Resorts, and others that originated at organisations’ IT help desks, 65% of organisations are seriously concerned about a similar attack, and 51% consider service desk bypass attacks their most significant risk. Compared with the rest of the world, British respondents reported the highest degree of concern that their organisation’s help desk would fail to stop a social engineering attack
• Passwordless adoption faces hurdles: 90% of organisations globally reported challenges in moving toward passwordless authentication. This struggle is reflected in user behaviour, as 57% still don't use passwordless as their primary authentication method. British organisations reported some of the slowest progress in implementing passwordless, with 72% saying their users had to rely on passwords to authenticate most of the time,
• Cybersecurity’s AI optimism & adoption: The cybersecurity sector is largely optimistic about AI, with 83% expecting it to benefit cybersecurity more than it will benefit cybercrime in the next three years. This optimism translates into action: 91% of organisations plan to implement AI in their tech stack this year, marking a 12-percentage-point increase year-over-year.

“The 2026 RSA ID IQ Report underscores that identity simply fails too many organisations too often,” said RSA CEO Greg Nelson. “The likelihood of a breach-and the cost of inaction-are too high for leaders to tolerate the status quo. Instead, these new findings should urge organisations to act quickly to keep themselves secure.”

“Identity-related breaches exploded in 2026, jumping from impacting 42% of organisations to 69% in just one year, with help desk social engineering emerging as a major new attack vector,” said RSA Chief Marketing and Growth Officer Laura Marx. “It’s urgent that leaders use this data to assess their identity capabilities and prioritize the actions to stay safe.”

“The 2026 RSA ID IQ Report demonstrates that the UK faces unique cybersecurity challenges and growing concern that our IT help desks will put organisations here at risk,” said Ben Tuckwell, Regional Director, EMEA West. “British security leaders should download the report to learn the global trends shaping identity security and the pronounced local risks that set the UK apart.”

Resources:

Download the 2026 RSA ID IQ Report

Download the 2026 RSA ID IQ Report Infographic

About RSA:

RSA provides mission-critical cybersecurity solutions that protect the world’s most security-sensitive organisations. The RSA Unified Identity Platform provides true passwordless identity security, risk-based access, automated identity intelligence, and comprehensive identity governance across cloud, hybrid, and on-premises environments. More than 9,000 high-security organisations trust RSA to manage more than 60 million identities, detect threats, secure access, and enable compliance. For additional information, visit our website to contact sales, find a partner, or learn more about RSA.

Fonte: Business Wire