Identity breach costs and help desk hijacks: what teams missed


(@nhi-mgmt-group)

TL;DR: Identity-related breaches rose to 69% of organisations over the last three years, while 45% said the costs of those breaches exceeded typical breach costs and 24% reported losses above $10 million, according to RSA Security’s 2026 RSA ID IQ Report. The data shows identity governance is failing at both prevention and containment, especially where help desk abuse and weak passwordless adoption intersect.

NHIMG editorial — based on content published by RSA Security: 2026 RSA ID IQ Report findings on identity breaches, help desk hijacks, and passwordless adoption

Questions worth separating out

Q: How should security teams reduce help desk takeover risk in identity programmes?

A: They should treat support workflows as part of the identity perimeter.

Q: When do passwordless programmes fail to reduce identity risk?

A: They fail when organisations keep weak fallback and recovery paths.

Q: What do security teams get wrong about identity breach prevention?

A: They often focus on login security and ignore the recovery chain.

Practitioner guidance

  • Treat help desk recovery as privileged access: Require strong identity proofing, approval logging, and escalation controls for every reset, override, and account recovery workflow.
  • Measure identity breach cost by control failure path: Track which identity paths most often lead to incident response, forced resets, or business disruption.
  • Harden fallback paths for passwordless programmes: Review every alternate route that remains when passwordless is unavailable, including service desk resets, device recovery, and temporary bypasses.
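
One way to check the first and second points against help desk records, as an added example that is not from RSA Security's report or this post: the Python below audits each reset, override and recovery event for strong proofing, logged approval and escalation, then counts which recovery path most often carries a gap. The event schema, the field names and the set of proofing methods treated as strong are assumptions, and the sample events are constructed.

```python
from collections import Counter

# Assumed policy: which proofing methods count as strong (hypothetical names).
STRONG_PROOFING = {"verified_id", "manager_callback"}

# Constructed sample events in a hypothetical help desk log schema.
EVENTS = [
    {"id": "r1", "action": "password_reset", "agent": "hd-1", "proofing": "verified_id",
     "approver": "mgr-7", "ticket": "T-100", "privileged": False, "escalated": False},
    {"id": "r2", "action": "mfa_reset", "agent": "hd-2", "proofing": "kba",
     "approver": None, "ticket": "T-101", "privileged": False, "escalated": False},
    {"id": "r3", "action": "temporary_bypass", "agent": "hd-2", "proofing": "manager_callback",
     "approver": "hd-2", "ticket": "T-102", "privileged": True, "escalated": False},
    {"id": "r4", "action": "mfa_reset", "agent": "hd-3", "proofing": None,
     "approver": "mgr-2", "ticket": None, "privileged": False, "escalated": False},
]

def audit_event(ev):
    """Return the control gaps for one reset, override or recovery event."""
    gaps = []
    if ev.get("proofing") not in STRONG_PROOFING:
        gaps.append("weak_or_missing_proofing")
    if not ev.get("approver") or not ev.get("ticket"):
        gaps.append("approval_not_logged")
    elif ev["approver"] == ev.get("agent"):
        # An agent approving their own action is not an independent approval.
        gaps.append("self_approved")
    if ev.get("privileged") and not ev.get("escalated"):
        gaps.append("no_escalation_for_privileged_account")
    return gaps

def audit(events):
    """Map event id -> gaps, and count gap-bearing events per recovery path."""
    findings = {}
    by_path = Counter()
    for ev in events:
        gaps = audit_event(ev)
        if gaps:
            findings[ev["id"]] = gaps
            by_path[ev["action"]] += 1
    return findings, by_path

if __name__ == "__main__":
    findings, by_path = audit(EVENTS)
    for event_id, gaps in findings.items():
        print(event_id, ", ".join(gaps))
    print("paths by gap count:", by_path.most_common())
```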

What's in the full analysis

RSA Security’s full report covers the operational detail this post intentionally leaves for the source:

  • Question-level survey breakdowns across more than 2,100 IAM, IT, and cybersecurity professionals
  • Country-level comparisons that show where Australian organisations diverge from global identity risk patterns
  • The report’s full treatment of passwordless adoption barriers and implementation friction
  • The AI adoption findings and associated commentary on how identity teams are planning for near-term stack changes
