Key findings from the 2026 report include:
- Identity breaches surge, driving escalating costs
- Help desk hijacks emerge as a major threat
- AI optimism is high, but passwordless progress needs more work
SYDNEY–(BUSINESS WIRE)–A new global report from RSA, the security-first identity leader, reveals that identity caused both, more frequent and more expensive data breaches this year than last. The 2026 RSA ID IQ Report reveals critical insights from more than 2,100 cybersecurity, identity and access management (IAM), and IT professionals on how frequently identity fails organisations, the financial impacts their organisations suffered when it did, attitudes on AI’s cybersecurity potential, the factors limiting the growth of passwordless authentication, and more. The report also details key differences that set Australian organisations apart from their global peers.
Key findings include:
- Identity breach frequency surged: 69% of organisations experienced an identity-related breach in the last three years, a 27-percentage-point increase year over year. That 64% relative increase suggests either a surge in successful identity attacks, better detection or reporting, or both. In either case, the report shows that the identity risk environment has become even more dangerous. Australia suffers even more identity breaches than the rest of the world, with 92% of respondents in the country reporting an identity breach in the last three years, 23 percentage points above the global average.
- Identity breach costs escalated: 45% of organisations said that the cost of an identity-related breach exceeded the typical cost of a breach as defined by IBM. Notably, 24% of organisations said costs exceeded $10M, a three-percentage-point year-over-year increase since the previous year’s survey. Australian respondents report greater losses than their global peers, with 44% saying identity breaches cost them more than $10M USD.
- IT Help Desk bypass and social engineering attacks are a top threat: Following high-profile breaches at MGM Resorts, Caesars Entertainment Group, and Marks & Spencer where threat actors gained initial access by attacking those organisations’ IT help desks, 65% of organisations are seriously concerned about a similar attack, and 51% consider service desk bypass attacks their most significant risk
- Passwordless adoption faces hurdles: 90% of organisations reported challenges in moving toward passwordless authentication. This struggle is reflected in user behavior, as 57% still don’t use passwordless as their primary authentication method.
- Cybersecurity’s AI optimism & adoption: The cybersecurity sector is largely optimistic about AI, with 83% expecting it to benefit cybersecurity more than it will benefit cybercrime in the next three years. This optimism translates into action: 91% of organisations plan to implement AI in their tech stack this year, marking a 12-percentage-point increase year-over-year. Australia reports an even greater commitment to integrating AI than their peers, with 86% of organisations there saying they plan to bring the technology to their tech stack this year.
“The 2026 RSA ID IQ Report underscores that identity simply fails too many organisations too often,” said RSA CEO Greg Nelson. “The likelihood of a breach—and the cost of inaction—are too high for leaders to tolerate the status quo. Instead, these new findings should urge organisations to act quickly to keep themselves secure.”
“Identity-related breaches exploded in 2026, jumping from impacting 42% of organisations to 69% in just one year, with help desk social engineering emerging as a major new attack vector,” said RSA Chief Marketing and Growth Officer Laura Marx. “It’s urgent that leaders use this data to assess their identity capabilities and prioritize the actions to stay safe.”
“The 2026 RSA ID IQ Report underscores why Australian organisations must prioritize identity security, and the high costs they’ll suffer if they don’t,” said Craig Dore, RSA Field CTO APK. “Security leaders here should download the report to learn about the global trends shaping identity security and the pronounced local risks that set Australia apart.”
Resources:
Download the 2026 RSA ID IQ Report
Download the 2026 RSA ID IQ Report Infographic
Watch the APJ ID IQ Report Webinar on demand
About RSA:
RSA provides mission-critical cybersecurity solutions that protect the world’s most security-sensitive organisations. The RSA Unified Identity Platform provides true passwordless identity security, risk-based access, automated identity intelligence, and comprehensive identity governance across cloud, hybrid, and on-premises environments. More than 9,000 high-security organisations trust RSA to manage more than 60 million identities, detect threats, secure access, and enable compliance. For additional information, visit our website to contact sales, find a partner, or learn more about RSA.
Contacts
