NHI Forum


Unosecur Cloud Compliance Pulse H1 2025


(@unosecur)

Read full announcement here: https://www.unosecur.com/announcement/unosecur-cloud-compliance-pulse-h1-2025-reveals-forty-identity-security-failures-in-the-average-cloud-tenant/?source=nhimg

Berlin, 21 July 2025 — Unosecur, the Berlin-based identity security innovator, has released its Cloud Compliance Pulse H1 2025, a statistically validated benchmark assessing real-world identity and access management (IAM) hygiene across public-cloud environments. Based on automated scans from 1 January to 30 June 2025, the study reveals an average of 40 IAM-related control failures per cloud tenant, with 94% of organisations missing at least one high-severity requirement.

Key Findings

  • 68% of tenants failed ISO 27002-5.17, requiring MFA for privileged accounts.

  • Four recurring gap families — missing MFA, over-privileged roles, stale/duplicate credentials, and unmanaged service-account keys — accounted for 70% of high-severity issues.

  • Every major public-cloud breach Unosecur investigated this year, including the McHire “123456” credential incident, traced back to one or more of these gap families.

 

Why It Matters

These identity gaps can:

  • Inflate audit workloads, creating 40+ separate findings on ISO, SOC 2, or PCI assessments.

  • Increase cyber-insurance premiums by double digits when privileged MFA or key-rotation controls are missing.

  • Act as root causes for credential-driven breaches and lateral-movement attacks.

 

Recommended Leadership Actions

Unosecur urges executive teams to track four monthly KPIs:

  1. Privileged MFA coverage

  2. Number of permanent high-privilege role assignments

  3. Age distribution of access keys

  4. Proportion of service-account secrets in managed vaults

By enforcing privileged MFA, rotating keys every 30 days, and replacing standing admin roles with just-in-time elevation, enterprises can materially reduce both compliance risk and breach probability.

 


   