LONDON, UNITED KINGDOM, July 4, 2025 /ennovaterz/ — Identity-based attacks have taken centre stage as the top cybersecurity concern for organisations in the coming year, according to a new survey conducted by Keeper Security at Infosecurity Europe 2025. The leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, found nearly one in four (23%) of cybersecurity professionals cited threats such as phishing, credential stuffing and other identity-targeted tactics as the most likely cause of a major breach – highlighting the growing intersection between AI-powered exploits and insufficient access controls.
The data also exposes a widening gap between zero-trust maturity and AI threat preparedness. Among organisations with a highly effective zero trust implementation, half of respondents said they were fully or partially confident in their ability to manage AI threats. In contrast, organisations with little to no zero-trust controls in place reported significantly lower levels of confidence.
Keeper’s survey of 160 cybersecurity professionals at the conference reveals an industry under pressure: identity-driven risks are rising, while organisations grapple with the realities of defending against AI-generated phishing, deepfakes and automated exploits. Despite AI’s promise, most professionals aren’t confident in their readiness – only 12% said their organisation is fully prepared to handle AI-enhanced attacks, while more than half expressed uncertainty or doubt.
Yet, AI is also seen as a potential solution. Over half of respondents (53%) said AI-driven identity validation and authentication will be the most transformative technology in the next three to five years, surpassing traditional password solutions and quantum-resistant encryption.
While zero trust is widely acknowledged as a strategic imperative, real-world adoption remains slow. Just 18% of respondents reported a highly effective zero trust implementation. Nearly half (44%) said they haven’t started implementing zero trust or do not view it as relevant to their organisation. Common roadblocks include budget constraints, executive support and the complexity of integrating zero-trust frameworks within existing systems. Without these controls, gaps in identity and access management persist – leaving organisations vulnerable to privilege escalation, insider threats and account takeovers.
The survey also shed light on common PAM failures. The most cited mistakes included:
- Failing to enforce Multi-Factor Authentication (MFA) – 43%
- Granting excessive permissions – 35%
- Not revoking access when no longer needed – 34%
- Lack of visibility into privileged accounts – 30%
- Absence of dedicated PAM tools – 37%
These shortcomings are often exacerbated by third-party access risks (35%) and poor auditing practices (30%).
While over half (53%) believe AI risks are overhyped in the media, cybersecurity professionals take a more grounded view. Only 24% believe the industry is overstating the danger, and many acknowledge the very real threat of AI-enhanced attacks – especially when identity security is weak. Among end users, 42% believe AI threats are exaggerated, but a sizable portion (32%) remain undecided, signaling a need for more awareness and education.
“The findings from Infosecurity Europe 2025 reinforce what we see everyday – AI is reshaping the threat landscape, and identity-based attacks are becoming more precise, scalable and damaging,” said Darren Guccione, CEO and Co-founder of Keeper Security. “Organisations that haven’t embraced zero trust and strong privileged access controls are falling behind, both in protection and in confidence.”
