Carrier Management: Major Gap Between Identity Security Confidence and Reality: Study

The report highlights a growing disconnect between perceived and actual identity security across North America and Europe. Decision‑makers remain confident they can revoke access quickly, yet real‑world data shows a sizable fraction of organizations stumbling on execution. Fragmented governance—evidenced by only 50% of firms having unified reporting and 48% consolidating budget control—creates blind spots that amplify risk, especially as the average enterprise now juggles three or more credential and authentication platforms.

Passkey adoption is touted as the antidote to phishing and credential‑based breaches, with 93% of surveyed firms at some stage of implementation and 65% claiming high technical familiarity. However, the gap between pilot projects and enterprise‑wide deployment is stark: merely 13% have rolled out passkeys at scale. This limited rollout dilutes the protective benefits, leaving the majority of users exposed to legacy password attacks. The study underscores that passkeys only deliver their full security promise when integrated across both digital and physical identity ecosystems, eliminating the fragmented silos that currently hinder visibility.

For sectors with stringent regulatory demands—finance and the public sector in particular—the stakes are higher. Finance shows the most fragmented reporting structures, while the public sector suffers the highest revocation failure rate at 43%, double that of IT. Companies must prioritize unified identity governance, consolidate budgeting, and accelerate comprehensive passkey deployment to reduce incident rates and meet compliance obligations. As authentication evolves, organizations that align governance, simplify credential ecosystems, and fully embrace passwordless solutions will gain a competitive edge and mitigate emerging cyber threats.