Stop attacks before they spread with Okta’s Identity Threat Protection

March 17, 2026|10:00 AM PDT

Identity-based cyber attacks surged in 2025, enabling nearly 90% of breaches at an average cost of $4.4 million per incident. In 2026, businesses without advanced protection face escalating risks of operational paralysis and insurance denials.

Key takeaways

  • Identity weaknesses have become the dominant entry point for cyber threats, with AI making attacks four times faster than before.
  • Recent high-profile breaches, like those hitting Jaguar Land Rover and TransUnion, demonstrate how compromised credentials lead to widespread data theft and supply chain disruptions.
  • Failing to strengthen identity controls not only invites financial and reputational damage but also risks higher insurance premiums or claim rejections amid tightening underwriting standards.

Identity Threat Escalation

Identity has emerged as the central battleground in cybersecurity. In 2025, attackers increasingly exploited credentials, session tokens, and authentication flaws rather than traditional vulnerabilities. This shift reflects a broader trend where breaches start with legitimate access, allowing threat actors to move laterally and exfiltrate data undetected. Reports indicate that identity issues factored into almost 90% of investigated incidents, up from previous years, driven by the proliferation of cloud services, remote work, and interconnected supply chains.

What changed recently is the integration of AI into attack toolkits. AI enables faster reconnaissance, automated phishing, and deepfake impersonations, compressing attack lifecycles. For instance, data exfiltration now occurs in hours rather than days in some cases. This acceleration coincides with a rise in ransomware and data extortion, where groups like Scattered Spider use social engineering to compromise third-party providers, affecting millions downstream.

The real-world impact spans sectors. Manufacturing firms like Jaguar Land Rover faced production halts in 2025, costing tens of millions in downtime. Healthcare providers dealt with exposed patient records, as seen in breaches at SimonMed Imaging involving 1.2 million individuals. Financial institutions, such as TransUnion, saw consumer data leaked, eroding trust and inviting regulatory scrutiny. Small and medium enterprises, often lacking robust defenses, suffer disproportionately, with recovery times extending months.

Concrete stakes include soaring costs: global breach averages hit $4.4 million in 2025, excluding long-term reputational harm. Deadlines loom with evolving regulations; for example, EU mandates under NIS2 require incident reporting within 72 hours, with fines up to 2% of global turnover for non-compliance. Risks of inaction are stark—insurers now scrutinize identity posture, denying claims if multi-factor authentication gaps exist, as in the City of Hamilton's $18 million loss. Cyber insurance premiums rose 20-50% for poor performers.

Non-obvious angles include trade-offs in adopting passwordless authentication. While it reduces phishing risks, implementation can disrupt workflows, creating tension between security teams and operations. Another is the overlooked threat of non-human identities, like API keys, which lack monitoring and fuel supply chain attacks. Stakeholder tensions arise too: boards demand resilience, but budget constraints force prioritization, often sidelining proactive identity threat detection and response (ITDR) tools. Surprising data shows insider threats, including disgruntled employees, accounting for 8% of access points, blending with external risks.
