Report: Organizations Are Scrambling to Overhaul Their Identity Security Frameworks Amidst Surge in Recent Attacks

Evidence shows many are over relying on AI to thwart adversaries leading to flawed defenses

NEW YORK, May 21, 2024 (GLOBE NEWSWIRE) -- HYPR, the Identity Assurance Company today released its 2024 State of Passwordless Identity Assurance Report. The fourth annual edition unveils the persistent trend of credential misuse and authentication weaknesses as primary drivers of breaches, costing victim organizations an average of $5.48 million over the past year. In response, there is a resounding call for identity-first security strategies, prioritizing passwordless adoption and frictionless identity verification, as key defenses. Interestingly, 75% of respondents expect AI to combat cybercriminals, despite 60% naming AI-powered threats as their biggest identity security concern.

Conducted by HYPR and Vanson Bourne, the report derives insights from 750 IT security decision makers, representing a cross-section of industries in the UK, France, and Germany, Asia-Pacific and Japan, and the United States. The findings arrive during a critical turning point, as organizations scramble to bolster defenses amidst a relentless wave of credential-based attacks. In fact, nine out of ten (91%) claim credential misuse or authentication weakness as the cause behind a breach — up from 82% in 2022. Yet, despite these alarming figures, 99% of respondents remain tethered to legacy, vulnerability-rife authentication methods.

“The gap between evolving threats and outdated identity models undermines global security and business growth. While teams scramble to outpace the rate of credential-based attacks, the solution lies in a fundamental shift towards deterministic identity controls – that is phishing-resistant authentication, continuous verification, and risk detection and mitigation,” said Bojan Simic, CEO and Co-founder of HYPR. “A holistic framework built on these principles not only closes legacy loopholes exploited by attackers, but also streamlines processes, boosts operational efficiency and ensures compliance.”

HYPR 2024 State of Passwordless Identity Assurance Report Infographic

Credential-based attacks continue to surge, exposing the limits of current prevention strategies

The trend of credential attacks shows no signs of slowing, with high-profile breaches within the healthcare, financial and telco industries, already casting a long shadow over 2024. Data reveals that in 2023, 78% of organizations suffered an identity-related cyberattack. The drivers:

  • Almost four in ten (39%) experienced phishing attacks; identity impersonation struck 28% of organizations, while push notification exploits were the fifth most common vector at 26%.
  • More than two-thirds (69%) were breached via authentication processes, unsurprising considering most employees use four different types of authentication methods.
  • 78% experienced identity fraud, with over half falling victim multiple times, each incident costing an average of $2.78 million.

Passwordless gains traction with signs of progress in identity security despite paradox

It is evident that organizations are hindering their own identity-first security initiatives by misplacing priorities. For example, only 67% deployed new identity tools or changed their authentication methods following a breach, while 33% neglected to act. Contradictorily, 89% believe that passwordless provides the highest level of security, yet over half (53%) cling to vulnerable username/ password methods. To add to the complexity, organizations are grappling with the paradoxical nature of AI with three quarters viewing it as essential armor against cyberattacks, while six in ten recognize it as a powerful new weapon for adversaries. On a positive note:

  • Four in ten (41%) intend to adopt or continue to use passwordless authentication over the next 1-3 years.
  • 97% of those who plan to use passwordless, will incorporate passkeys.
  • Identity verification is emerging as a priority with 43% of respondents planning to incorporate the technology.
  • Close to half (49%) are likely to expand employee training programs with the goal to reduce human-led authentication errors.

“HYPR’s research shows that identity assurance isn't just about security, it's a foundational pillar for building a resilient and adaptable future. Organizations that prioritize it gain a strategic advantage by fostering seamless and secure experiences. This not only boosts productivity but, more importantly, cultivates trust with key stakeholders,” said Anthony Belfiore, Chief Security Officer at Wiz. “In today's rapidly evolving digital landscape, robust identity security isn't just about survival; it's the catalytic force that empowers businesses to thrive in an uncertain and ever-changing environment.”

WEBINAR: What Are the Top Identity Threats in 2024? Insights From the Annual State of Passwordless Identity Assurance Report
Join HYPR and the FIDO Alliance
Date: June 6, 2024 at 11am PT
Bojan Simic, CEO & Co-founder, HYPR
Andrew Shikiar, Executive Director & CEO, FIDO Alliance                

About HYPR
HYPR, the Identity Assurance Company, helps organizations create trust in the identity lifecycle. The HYPR solution provides the strongest end-to-end identity security, combining modern passwordless authentication with adaptive risk mitigation, automated identity verification and a simple, intuitive user experience. With a third-party validated ROI of 324%, HYPR easily integrates with existing identity and security tools and can be rapidly deployed at scale in the most complex environments.

About Vanson Bourne
Vanson Bourne is an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit

Fabienne Dawson

A photo accompanying this announcement is available at