-Content by CyberNewswire-

Cybersecurity

SpyCloud has released the 2025 SpyCloud Identity Threat Report, highlighting significant identity-based security challenges faced by organizations. Despite 86% of security leaders expressing confidence in their ability to prevent such attacks, 85% of organizations experienced at least one ransomware incident in the past year, with over one-third encountering between six and ten incidents.

The report, based on a survey of over 500 security leaders in North America and the UK, reveals that while two-thirds of organizations express significant concern about identity-based cyberattacks, only 38% can detect historical identity exposures. These exposures often arise from poor cyber hygiene, such as credential reuse, which attackers exploit.

Identity Sprawl and the Expanding Attack Surface

Modern cyber threats increasingly target digital identities, which encompass numerous touchpoints, including credentials, session cookies, financial data, and personally identifiable information across various platforms and devices. SpyCloud has recovered 63.8 billion distinct identity records from the dark web, a 24% increase from the previous year, indicating the vast scale of data vulnerable to exploitation.

Nearly 40% of organizations surveyed identified multiple identity-centric threats as extreme concerns, with phishing, ransomware, nation-state adversaries, and unauthorized devices topping the list.

Insider Threats Originating from Identity Compromise

The report also addresses insider threats, which often stem from identity compromise. Attackers use stolen or synthetic identities to gain access, posing as legitimate contractors or employees. SpyCloud’s findings show that attackers create synthetic identities using phished cookies, malware-exfiltrated API keys, and reused credentials.

Furthermore, the report notes that 60% of organizations still rely on manual communication between HR and security teams, lacking robust security screening to detect historical identity misuse.

Defenses Against Identity-Based Threats

Many organizations are not adequately prepared to respond to identity-driven threats:

• 57% lack strong capabilities to invalidate exposed sessions
• Nearly two-thirds lack repeatable remediation workflows
• About two-thirds do not have formal investigation protocols
• Less than 20% can automate identity remediation across systems

Only 19% of organizations have automated identity remediation processes, with most relying on incomplete playbooks that leave vulnerabilities exposed.

Closing Identity Gaps

The report emphasizes the importance of a comprehensive approach to identity protection. Organizations should correlate exposures across users’ digital footprints and automate the remediation of compromised credentials, cookies, PII, and access tokens. SpyCloud’s identity intelligence solutions aim to prevent identity-based threats by:

• Detecting fraudulent job candidates before access is granted
• Identifying compromised employees and users across devices
• Invalidating exposed sessions and credentials at scale
• Accelerating investigations through automated correlation of darknet exposure data

Teams that excel in identity security are proactive, addressing exposures at scale and adapting continuously to prevent further attacks.

-This is a paid press release published via CyberNewswire-