
Enterprises spend 11 person hours resolving a single security alert

 


  • Complexity and identity fragmentation allow malicious actors to hide between technology borders
  • AI will accelerate identity risk without proper security guardrails

 

OAKLAND, CA – August 19th, 2025 – On average, enterprises spend 11 person hours investigating and remediating a single critical identity-related security alert, according to a new Enterprise Strategy Group study. This response time bottlenecks the capacity of security teams to manage alert volume, and this is only made worse in the age of AI. Not only does AI introduce a new type of identity, but in many organizations, its rapid innovation is outpacing organizational oversight and creating new attack vectors.

Enhancing security teams’ ability to provide insights into suspicious activity is critical in this market context. Identity is already fragmented across cloud services (e.g. Azure, AWS), developer platforms (e.g. GitHub), identity providers (e.g. Okta), and infrastructure resources (databases, servers, Kubernetes, workloads). This fragmentation obscures the pathway any engineer or user – human or AI – uses to access resources.

Ev Kontsevoy, CEO of Teleport, a sponsor of Enterprise Strategy Group’s research, said: “When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn’t good enough. As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase. We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.”

Additionally, the ease with which criminals can obtain valid static credentials (e.g. passwords, API keys) to impersonate identities only heightens the difficulty of investigations, making contextual insights essential. Credential theft now accounts for one in five data breaches, with the number of compromised credentials having surged 160% in 2025 so far.

Comprehensive identity management will be particularly crucial as businesses deploy AI agents that interact with core enterprise systems. The study found that nearly half (44%) of businesses have already deployed AI, which risks creating yet another identity silo involving potentially over-privileged access to sensitive data and resources across infrastructure. Over half of respondents echo this concern, with 52% ranking ‘data privacy issues’ as the biggest risk related to AI.

The significant fragmentation of identities is also reflected in the tools that enterprises use to manage them. In fact, the study found that workforce identity teams use an average of 11 tools to trace identity-related security issues, suggesting companies require a more cohesive approach to manage identities in a unified way.

“Most cybersecurity solutions only see part of the picture,” says Todd Thiemann, principal analyst at Enterprise Strategy Group. “Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems. Each application expands a company’s security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools. This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties.”

Ev Kontsevoy adds: “The blind spots created by complex IT aren’t just a danger to security. They’re bottlenecking the productivity of engineers and security professionals. They need a way to quickly answer vital questions. Who accessed database X and with what permissions? Is this behavior unusual for the identity in question? What’s the full summary of what an identity did in a single session across platforms? To answer these questions, we need a different approach to cybersecurity, one that isn’t based on secrets and siloed identities, but on combining unified, cryptographic identity with just-in-time access. That’s how we minimize the attack surface.”

To address the vast complexities of modern infrastructure and security tools, Teleport recently launched Identity Security, the cybersecurity industry’s first ‘full identity chain observability’ solution. With it, security teams can spot risky activity within minutes, instead of spending hours stitching together fragmented logs or building custom correlation rules.

Read more about Teleport Identity Security here: https://goteleport.com/about/newsroom/press-releases/teleport-targets-hidden-infrastructure-risk/

NOTE TO EDITORS:

  • The study surveyed 370 IT and cybersecurity decision makers familiar with their organization’s workforce IAM and identity security processes and technologies.
  • Organizations with 100+ employees – 96% enterprise (1,000+ employees); 4% midmarket (100 to 999 employees).
  • Multiple industry verticals, including financial, manufacturing, and technology, among others.


Press Release by Teleport

Media Contact

Babel PR

