By NHI Mgmt Group Editorial TeamPublished 2025-12-17Domain: Governance & RiskSource: Commvault

TL;DR: Consumers punish breach exposure but still practice risky habits such as password reuse and public Wi-Fi, turning security into a trust and loyalty issue rather than a back-office concern, according to Commvault research from a survey of more than 1,000 New Yorkers. The lesson for identity teams is that resilience now has to cover people, systems, and recovery assumptions at once.


At a glance

What this is: This survey argues that consumer trust is increasingly shaped by how well businesses prevent, recover from, and communicate about cyber incidents.

Why it matters: It matters because IAM, IGA, and PAM teams influence whether identity controls support resilience, limit breach impact, and preserve trust across human and non-human access paths.

By the numbers:

👉 Read Commvault's survey analysis on trust, resilience, and data security


Context

Consumer trust in security is no longer a soft brand metric. In this survey, New Yorkers said they would leave or seriously consider leaving a company after a breach, which shows that resilience and incident response now shape customer retention as much as service quality does.

The identity governance link is direct: every breach exposes how well an organisation controls access, limits blast radius, and recovers from compromise. That makes IAM, PAM, and lifecycle governance part of the customer experience, not just the control stack.


Key questions

Q: How should security teams reduce customer impact after an identity-related breach?

A: They should plan for identity containment as part of recovery, not as a separate technical task. That means revoking risky access quickly, terminating active sessions, checking for account reuse, and coordinating public communication at the same time. Customers judge both the breach and the response, so speed and clarity matter together.

Q: Why do consumer security habits matter if the organisation controls the environment?

A: Because organisations cannot assume users will always behave safely, and trust breaks when controls depend on that assumption. People reuse passwords, click through convenience prompts, and use insecure networks. Security teams need controls that absorb those behaviours without letting them determine breach exposure or recovery quality.

Q: What breaks when resilience is treated only as a technical issue?

A: The trust model breaks. Technical containment without clear communication and identity recovery planning leaves customers uncertain, and uncertainty accelerates churn after a breach. Resilience has to connect access controls, incident response, and transparent messaging so the organisation can recover both operationally and reputationally.

Q: Who is accountable for protecting trust when identity controls fail?

A: Accountability sits with the organisation, not with customers who may reuse passwords or make risky connectivity choices. Security, IAM, PAM, and communications teams all share responsibility for reducing breach impact and explaining what happened. In practice, trust failures are governance failures, not just technical ones.


Technical breakdown

Why breach recovery now sits inside the trust model

The article frames resilience as a business obligation because customers judge not only whether an incident happened, but whether the organisation recovered quickly and transparently. That changes the identity security problem: access controls are no longer judged only on prevention, but on how they limit post-breach impact and preserve account integrity during response. In practice, identity telemetry, revocation speed, and privileged access containment become trust signals as much as security controls.

Practical implication: build incident response playbooks that include identity revocation, session termination, and privilege review as customer-facing resilience controls.

Why human cyber hygiene is not enough on its own

The survey points to a familiar gap: people say they value strong security, but still reuse passwords and use public Wi-Fi. That mismatch matters because human behaviour cannot be the primary control plane for enterprise resilience. Identity programmes have to assume convenience-driven behaviour and compensate with stronger authentication, conditional access, and account recovery design that does not rely on perfect user discipline.

Practical implication: treat user behaviour as an input to control design, not a dependency you can assume away.

How the trust model extends to non-human identities

The article focuses on consumer trust, but the same resilience logic applies to NHIs and agentic systems that increasingly sit inside customer-facing workflows. If a service account, token, or AI agent can trigger customer impact, then identity hygiene, least privilege, and fast offboarding are part of brand protection. For NHI governance, this is a reminder that hidden identity failure often becomes visible only at the point of breach.

Practical implication: align NHI lifecycle controls with the customer-impact path, not just with infrastructure ownership.



NHI Mgmt Group analysis

Trust is now an identity outcome, not just a brand outcome. When customers leave after a breach, the organisation is being judged on its access discipline, recovery speed, and transparency. That turns IAM and PAM from internal controls into external trust enablers. Practitioners should treat identity resilience as a customer-retention control.

Consumer inconsistency does not weaken the business case for stronger controls. The fact that people reuse passwords or rely on public Wi-Fi does not reduce organisational responsibility. It increases the need for controls that do not depend on ideal user behaviour, including risk-based access, stronger recovery paths, and tighter privilege boundaries. The implication is that human convenience should shape control design, not override it.

Identity blast radius is the real loyalty risk. The article’s core signal is not only breach occurrence, but how broadly a breach can spread once access is compromised. That is the same failure pattern we see in weak NHI governance, where a single exposed token or overused account can amplify impact across systems. Practitioners should measure how much customer harm one identity compromise can actually create.

Resilience programmes fail when they separate security from communications. Customers punish silence as much as failure, which means identity incident response has to connect technical containment to clear public messaging. Access revocation, account protection, and disclosure timing are part of the same trust workflow. Security teams should plan for recovery as a governance process, not just a technical one.

From our research:

  • 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches, according to 2025 State of NHIs and Secrets in Cybersecurity.
  • 62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure.
  • A useful next lens is Ultimate Guide to NHIs , Static vs Dynamic Secrets, which helps teams understand why long-lived credentials make resilience harder to prove.

What this signals

Identity resilience is becoming a customer-retention control. When consumers evaluate a breach by response quality, the security programme has to prove it can contain access loss quickly and visibly. That is especially true when hidden credentials and overused accounts can prolong exposure long after the initial incident.

With 70% of organisations granting AI systems more access than they would give a human employee performing the exact same job, per the 2026 Infrastructure Identity Survey, the trust model is already stretching beyond human behaviour and into machine-driven access decisions.

Identity blast radius: organisations will increasingly need to measure how much customer harm one compromised account, token, or agent can create. That pushes IAM teams toward tighter scoping, faster revocation, and better coordination with breach communications.


For practitioners

  • Tie customer trust metrics to identity recovery speed Measure how quickly high-risk accounts, tokens, and privileged sessions can be revoked after suspected compromise, then compare that to customer-facing incident communication timing.
  • Reduce reliance on user discipline Use MFA, conditional access, and safer account recovery workflows so password reuse and risky network behaviour do not become the deciding factor in breach exposure.
  • Map identity blast radius for customer-facing systems Identify which human and non-human identities can directly affect customer data, transactions, or service availability, then limit each to the smallest viable scope.
  • Embed identity controls into breach communications planning Align revocation, monitoring, and disclosure workflows so containment actions and public messaging are coordinated before the incident path reaches customers.

Key takeaways

  • The article frames cybersecurity as a trust problem, because customers now judge companies on both breach prevention and recovery quality.
  • Identity controls matter because password reuse, risky access behaviour, and weak revocation speed all expand the impact of a breach.
  • For practitioners, resilience has to connect IAM, PAM, lifecycle governance, and communications planning into one response model.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0RC.RP-1The article centers recovery planning and customer-facing resilience after a breach.
NIST SP 800-53 Rev 5IA-5Identity recovery and credential management are central to limiting breach impact.
OWASP Non-Human Identity Top 10NHI-03The trust and resilience gap widens when non-human credentials persist too long.
NIST Zero Trust (SP 800-207)Section 3.3Zero Trust assumptions are directly relevant to limiting lateral movement after compromise.

Apply continuous verification and least privilege so compromised identities cannot expand customer impact.


Key terms

  • Identity Resilience: The ability of an organisation to prevent, contain, and recover from identity compromise without losing operational trust. It combines authentication, privilege control, revocation speed, and recovery communications so an incident does not become a prolonged customer-confidence failure.
  • Identity Blast Radius: The amount of damage a compromised identity can cause before it is contained. In practice, it reflects how far one account, token, or session can move, what it can reach, and how quickly governance processes can shrink its access after suspicion arises.
  • Trust Model: The set of assumptions customers and stakeholders make about whether an organisation will protect their data and recover well after failure. In identity security, the trust model is shaped by access discipline, response quality, and whether control gaps remain visible after compromise.

What's in the full article

Commvault's full article covers the survey context and consumer trust signals this post intentionally leaves at a higher level:

  • The survey framing behind responses from more than 1,000 New Yorkers and how the findings were presented.
  • The specific consumer behaviours the article highlights, including password reuse and public Wi-Fi use.
  • The article's own narrative on how businesses should balance prevention, response, and transparency.
  • The broader brand-trust argument the vendor builds from the survey results.

👉 The full Commvault article expands on the consumer survey findings and the business case for resilience.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-17.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org