Identity breaches and help desk risk: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8052
Topic starter  

TL;DR: 69% of global organisations experienced an identity-related breach in the last three years, while 65% are seriously concerned about service desk bypass attacks and 90% report challenges moving toward passwordless authentication, according to RSA Security’s 2026 ID IQ Report. The data shows identity programmes are still failing at the points where trust, recovery, and human workflow intersect.

NHIMG editorial — based on content published by RSA Security: UK reports worse data breaches and greater concern for IT help desk risk in the 2026 RSA ID IQ Report

By the numbers:

Questions worth separating out

Q: What breaks when service desk recovery is treated as routine support?

A: The recovery path becomes a privileged entry point for attackers who can impersonate legitimate users or manipulate support staff.

Q: Why do passwordless programmes still leave organisations exposed?

A: Passwordless reduces password dependence, but it does not remove recovery, enrolment, fallback, or exception handling.

Q: How can security teams tell whether help desk controls are actually working?

A: Look for verification quality, escalation rates, recovery approval consistency, and the number of resets that rely on manual overrides.

Practitioner guidance

  • Reclassify help desk recovery as privileged access: map password reset, MFA reset, and account recovery workflows into the privileged access model and apply stronger approval, verification, and audit requirements to each step.
  • Test support workflows with adversarial scenarios: run social engineering exercises against service desk staff, including impersonation and recovery abuse, to identify where process speed overrides identity assurance.
  • Measure fallback-path risk during passwordless rollout: track how often users depend on password-based exceptions, recovery codes, or manual overrides so the programme reflects real exposure rather than adoption claims.
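One way to operationalise the measurements named above (verification quality, escalation rate, manual overrides, approval consistency), as an added example that is not from the RSA report or the NHIMG post: a small Python script that computes those figures over constructed service desk ticket records. The ticket fields, the required verification steps and which actions count as privileged are assumptions.

```python
"""Help desk recovery metrics over constructed ticket records (added example)."""
from __future__ import annotations
from dataclasses import dataclass

# Assumed verification steps an agent must record before any reset is approved.
REQUIRED_VERIFICATION = {"id_doc", "manager_callback", "registered_device"}
PRIVILEGED_ACTIONS = {"mfa_reset", "account_recovery"}  # assumed privileged actions

@dataclass
class RecoveryTicket:
    ticket_id: str
    action: str                 # "password_reset", "mfa_reset" or "account_recovery"
    verification: set[str]      # verification steps the agent actually recorded
    escalated: bool             # handed to a second approver or the security team
    manual_override: bool       # agent bypassed the standard workflow
    approver: str | None        # approver recorded for the action, if any

@dataclass
class RecoveryMetrics:
    total: int
    verification_complete_rate: float   # share of resets with every required step
    escalation_rate: float              # share of resets escalated before approval
    manual_override_rate: float         # share of resets that bypassed the workflow
    unapproved_privileged: int          # privileged resets with no recorded approver

def compute_metrics(tickets: list[RecoveryTicket]) -> RecoveryMetrics:
    total = len(tickets)
    if total == 0:  # avoid dividing by zero on an empty reporting window
        return RecoveryMetrics(0, 0.0, 0.0, 0.0, 0)
    complete = sum(1 for t in tickets if REQUIRED_VERIFICATION <= t.verification)
    escalated = sum(1 for t in tickets if t.escalated)
    overrides = sum(1 for t in tickets if t.manual_override)
    unapproved = sum(1 for t in tickets
                     if t.action in PRIVILEGED_ACTIONS and not t.approver)
    return RecoveryMetrics(total, complete / total, escalated / total,
                           overrides / total, unapproved)

def needs_review(tickets: list[RecoveryTicket]) -> list[str]:
    """Tickets where speed won over assurance: override plus incomplete verification."""
    return [t.ticket_id for t in tickets
            if t.manual_override and not REQUIRED_VERIFICATION <= t.verification]

# Constructed sample records standing in for a week of service desk tickets.
SAMPLE_TICKETS = [
    RecoveryTicket("T1", "password_reset", {"id_doc", "manager_callback", "registered_device"}, False, False, None),
    RecoveryTicket("T2", "mfa_reset", {"id_doc"}, True, False, "sec-ops"),
    RecoveryTicket("T3", "account_recovery", {"manager_callback"}, False, True, None),
    RecoveryTicket("T4", "mfa_reset", {"id_doc", "manager_callback", "registered_device"}, False, True, "team-lead"),
]
```

Run over the sample, half the resets lack a complete verification record, half relied on a manual override, and one privileged recovery was approved by nobody; T3 is the ticket that combines an override with missing verification.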

What's in the full analysis

RSA Security's full report covers the operational detail this post intentionally leaves for the source:

  • Survey methodology and respondent breakdown across more than 2,100 IAM and security professionals.
  • UK versus global comparison tables showing where British organisations diverge on identity breach harm and passwordless progress.
  • The report’s broader findings on AI adoption attitudes and how organisations are planning to use AI in the security stack.
  • Infographic material that expands the topline numbers into a board-friendly format.

👉 Read RSA Security’s 2026 ID IQ report on identity breaches and help desk risk →
