75% of Firms Skip Regular Identity Recovery Tests: Survey

The Quest Software State of ITDR survey of 650 senior IT and security executives reveals a striking gap in disaster‑recovery hygiene. More than three‑quarters of respondents admit they do not rehearse identity‑focused recovery within the recommended six‑month window, and nearly one‑quarter have never run a test at all. This laxity leaves critical Active Directory, Entra ID and service‑account ecosystems exposed to prolonged downtime after a breach, eroding both operational continuity and stakeholder trust. The survey also shows that only 24 percent of firms adhere to the six‑month cadence, highlighting a systemic complacency that could amplify the financial fallout of credential‑theft incidents.

Compounding the risk, AI‑driven attacks have surged, with Microsoft reporting a 57 percent rise in incidents linked to artificial‑intelligence tools. At the same time, machine identities now outnumber human users by an estimated 82:1, creating blind spots that traditional security controls often miss. Despite these pressures, 79 percent of surveyed leaders express confidence that AI can strengthen ITDR, and 78 percent cite proactive threat management as the primary driver for adopting identity‑focused detection and response programs. Organizations that fail to map service accounts and third‑party credentials risk blind spots that attackers exploit for lateral movement, underscoring the need for continuous identity inventory.

Industry frameworks such as NIST’s Cybersecurity Framework and Gartner’s 2025 ITDR guidance now urge organizations to embed regular recovery drills into a broader resilience strategy. By automating restoration—Quest claims a 90 percent acceleration and a 44 percent reduction in mean‑time‑to‑response—companies can cut downtime costs and meet regulatory expectations. Moreover, integrating automated recovery with existing SIEM and SOAR platforms ensures that alerts translate into swift remediation, further shrinking the attack window and preserving brand reputation. Firms that institutionalize six‑month testing and leverage AI‑enhanced detection are better positioned to contain breaches, protect both human and machine identities, and sustain competitive advantage in an increasingly identity‑centric threat landscape.