Cyber Web Spider Blog – News

2/3 of Organizations Fear Identity Attacks, But Blind Spots Remain

Posted on September 23, 2025 by CWS

Austin, Texas, USA, September 23rd, 2025, CyberNewsWire

New SpyCloud 2025 Identity Threat Report reveals dangerous disconnect between perceived security readiness and operational reality.

SpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, 85% of organizations were affected by a ransomware incident at least once in the past year – with over one-third affected between six and ten times.

Further illustrating the gap between perceived confidence and actual exposure, the market survey of over 500 security leaders across North America and the UK revealed that over two-thirds of organizations are significantly or extremely concerned about identity-based cyberattacks, yet only 38% can detect historical identity exposures that create risk due to poor cyber hygiene like credential reuse.

As organizations grapple with sprawling digital identities across SaaS platforms, unmanaged devices, and third-party ecosystems, attackers are capitalizing on these gaps.

“From phishing and infostealer infections to reused credentials and unmanaged access, today’s threat actors are exploiting neglected identity exposures,” said Damon Fleury, SpyCloud’s Chief Product Officer.

“These tactics allow adversaries to bypass conventional defenses and quietly establish access that can lead to follow-on attacks like ransomware, account takeover, session hijacking, and fraud. This report surfaces the vital reality that many organizations feel prepared but their defenses don’t extend to the places adversaries are now operating.”

Identity Sprawl is Expanding the Attack Surface

Identity has become the gravitational center of modern cyber threats.

A person’s digital identity now spans hundreds of touchpoints, including corporate and personal credentials, session cookies, financial data, and personally identifiable information (PII) across SaaS platforms, managed and unmanaged devices, and third-party applications.

These elements, when exposed on the darknet, create a massive, interconnected attack surface ripe for exploitation. SpyCloud has recaptured 63.8 billion distinct identity records from the dark web, a 24% increase year-over-year.

This illustrates the unprecedented scale of data circulating in the criminal underground, leaving organizations vulnerable because they lack the visibility and automation needed to shut down these exposures before they become additional entry points for follow-on identity-based attacks.

This surge in exposure is fueling broad concern. Nearly 40% of organizations surveyed identified four or more identity-centric threats as “extreme” concerns, with phishing (40%), ransomware (37%), nation-state adversaries (36%), and unmanaged or unauthorized devices (36%) leading the list.

Insider Threats Start with Identity Compromise

The report also highlights that insider threats, whether malicious or unwitting, often share a common origin: identity compromise.

Nation-state actors, including North Korean IT operatives, are leveraging stolen or synthetic identities to infiltrate organizations by posing as legitimate contractors or employees.

SpyCloud’s investigative findings show that attackers are assembling synthetic identities using phished cookies, malware-exfiltrated API keys, and reused credentials to pass background checks and weak screening processes.

Further emphasizing this point, earlier SpyCloud research found that 60% of organizations still rely on manual, ad-hoc communication between HR and security teams.

Without hardened security screening that gives organizations visibility into candidates’ historical identity misuse and connections to criminal infrastructure, these actors can remain undetected until it’s too late.

At the same time, legitimate employees, contractors, or partners may unknowingly introduce risk when their identities are compromised.

These unwitting insiders are frequently targeted via phishing and infostealer malware, resulting in stolen credentials and session cookies that provide persistent access to internal systems.

Phishing, in particular, was cited as the leading entry point for ransomware in 2025, accounting for 35% of incidents – a 10-point increase over the previous year.

Defenses Fall Short in Responding to Identity-Based Threats

Despite growing awareness of identity-driven threats, most organizations are not equipped to respond effectively:

  • 57% lack strong capabilities to invalidate exposed sessions
  • Nearly two-thirds lack repeatable remediation workflows
  • About two-thirds do not have formal investigation protocols
  • Less than 20% can automate identity remediation across systems

Only 19% of organizations have automated identity remediation processes in place. The rest rely on case-by-case investigation or incomplete playbooks that leave gaps attackers can exploit.

“The defense mission has changed,” said Trevor Hilligoss, SpyCloud’s Head of Security Research. “Attackers are opportunistic, chaining together stolen identity data to find any available access point.

Yet conventional defenses remain narrowly focused on behavior and endpoints – missing the identity exposures that enable persistent, undetected access.

The data shows organizations must extend protection to the identity layer, and keep a continuous eye on exposures and remediation to shut down threats before follow-on attacks can occur.”

Closing Identity Gaps Before Insider Threats Escalate

The report underscores the need for a holistic approach to identity security. This means continuously correlating exposures across users’ full digital footprint – including past and present, personal and corporate identities – and automating remediation of compromised credentials, cookies, PII, and access tokens.

In doing so, organizations move beyond account-level protection and gain visibility into identity risks threat actors were previously exploiting.

SpyCloud’s holistic identity intelligence empowers organizations to prevent identity-based threats by:

  • Detecting fraudulent job candidates before access is granted
  • Identifying compromised employees and users across devices and environments
  • Invalidating exposed sessions and credentials at scale
  • Accelerating investigations through automated correlation of darknet exposure data

“Teams that excel in identity security know exactly where exposures exist, can address them at scale, operate with clearly defined responsibilities, and continually adapt rather than merely react,” added Fleury.

“The future belongs to those who treat identity as mission-critical – building systems that detect compromise early, respond decisively, and stop threat actors from launching further attacks while retaining a strong and secure workforce.”

Users can click here to access the full report or contact SpyCloud to learn more.

About SpyCloud

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations.

SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings.

Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide.

Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, users can visit spycloud.com.

Emily Brown

REQ on behalf of SpyCloud

