Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity breach costs and help desk hijacks: what teams missed


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Identity-related breaches rose to 69% of organisations over the last three years, while 45% said breach costs exceeded typical breach costs and 24% reported losses above $10 million, according to RSA Security’s 2026 RSA ID IQ Report. The data shows identity governance is failing at both prevention and containment, especially where help desk abuse and weak passwordless adoption intersect.

NHIMG editorial — based on content published by RSA Security: 2026 RSA ID IQ Report findings on identity breaches, help desk hijacks, and passwordless adoption

By the numbers:

Questions worth separating out

Q: How should security teams reduce help desk takeover risk in identity programmes?

A: They should treat support workflows as part of the identity perimeter.

Q: When do passwordless programmes fail to reduce identity risk?

A: They fail when organisations keep weak fallback and recovery paths.

Q: What do security teams get wrong about identity breach prevention?

A: They often focus on login security and ignore the recovery chain.

Practitioner guidance

  • Treat help desk recovery as privileged access Require strong identity proofing, approval logging, and escalation controls for every reset, override, and account recovery workflow.
  • Measure identity breach cost by control failure path Track which identity paths most often lead to incident response, forced resets, or business disruption.
  • Harden fallback paths for passwordless programmes Review every alternate route that remains when passwordless is unavailable, including service desk resets, device recovery, and temporary bypasses.

What's in the full analysis

RSA Security’s full report covers the operational detail this post intentionally leaves for the source:

  • Question-level survey breakdowns across more than 2,100 IAM, IT, and cybersecurity professionals
  • Country-level comparisons that show where Australian organisations diverge from global identity risk patterns
  • The report’s full treatment of passwordless adoption barriers and implementation friction
  • The AI adoption findings and associated commentary on how identity teams are planning for near-term stack changes

👉 Read RSA Security’s 2026 ID IQ Report on identity breaches, help desk hijacks, and passwordless adoption →

Identity breach costs and help desk hijacks: what teams missed?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity recovery has become a privileged access path, not an administrative afterthought. The report’s help desk findings show that attackers are now treating support workflows as the fastest route around primary authentication. That means the real governance boundary is no longer just the login page but the entire recovery process, including identity proofing, reset approval, and escalation handling. Practitioners should treat recovery controls as part of privileged access governance.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who is accountable when help desk bypass leads to an identity breach?

A: Accountability should sit with both IAM governance and the operational teams that own recovery workflows. Identity recovery is a security control, not just a service task, so policy, training, approval paths, and audit evidence must be owned and reviewed like any other privileged access process.

👉 Read our full editorial: Identity breaches surge as help desk hijacks raise IAM risk



   
ReplyQuote
Share: