New FIDO Alliance and HID Study Reveals Major Gap Between Identity Security Confidence and Reality

The new FIDO‑HID report underscores a paradox in enterprise identity management: confidence outpaces capability. Executives tout rapid de‑provisioning, yet more than a third admit to real‑world delays, creating a fertile ground for insider threats and lingering access after employee turnover. This disconnect fuels the 70% incident rate, translating into higher breach remediation costs, regulatory penalties, and reputational damage. Companies that over‑promise on revocation without robust processes risk eroding stakeholder trust and facing intensified audit scrutiny.

Fragmented governance compounds the problem. Only 50% of surveyed firms have a single owner for physical and digital identity reporting, and less than half control budgets centrally. The result is a patchwork of three or more credential systems in the majority of organizations, inflating operational overhead and obscuring visibility. Finance and public‑sector entities, in particular, struggle with siloed structures that impede coordinated response to access‑related incidents, driving higher failure rates and manual revocation workloads.

Passkey adoption offers a clear path forward, but scale remains elusive. While 93% of respondents are on the passwordless journey and 65% claim technical expertise, merely 13% have rolled out passkeys enterprise‑wide. This limited deployment curtails the phishing‑resistant benefits that passwordless authentication promises. As threat actors continue to exploit weak points, vendors and security leaders must accelerate comprehensive passkey integration, consolidate identity governance, and invest in unified credential platforms to close the gap between confidence and reality.