For a lot of organizations, identification security seems to be underneath management. On paper, every part checks out. However new analysis from Cerby, based mostly on insights from over 500 IT and security leaders, reveals a unique actuality: an excessive amount of nonetheless depends upon individuals—not techniques—to operate. Actually, fewer than 4% of security groups have totally automated their core identification workflows.
Core workflows, like enrolling in Multi Issue Authentication (MFA), preserving credentials safe and updated, and revoking entry the second somebody leaves—are sometimes handbook, inconsistent, and weak to error. And when security execution depends on reminiscence or follow-up, gaps seem quick.
Human error stays one of many greatest threats to enterprise security. Verizon’s 2025 Data Breach report discovered that the human component was concerned in 60% of breaches. The identical handbook missteps that led to breaches a decade in the past nonetheless expose identification techniques at this time. Cerby’s 2025 Id Automation Hole analysis report reveals simply how widespread the problem is—and the way far automation nonetheless has to go.
The final mile nonetheless runs on human error
The info reveals a persistent reliance on human motion for duties that must be automated throughout the identification security lifecycle.
- 41% of finish customers nonetheless share or replace passwords manually, utilizing insecure strategies like spreadsheets, emails, or chat instruments. They’re hardly ever up to date or monitored, rising the probability of credential misuse or compromise.
- Almost 89% of organizations depend on customers to manually allow MFA in functions, regardless of MFA being one of the vital efficient security controls. With out enforcement, safety turns into elective, and attackers know exploit that inconsistency.
- 59% of IT groups deal with consumer provisioning and deprovisioning manually, counting on ticketing techniques or casual follow-ups to grant and take away entry. These workflows are gradual, inconsistent, and simple to miss—leaving organizations uncovered to unauthorized entry and compliance failures.
Organizations cannot afford to attend
The results are now not hypothetical.
In keeping with the Ponemon Institute, 52% of enterprises have skilled a security breach brought on by handbook identification work in disconnected functions. Most of them had 4 or extra. The downstream affect was tangible: 43% reported buyer loss, and 36% misplaced companions.
These failures are predictable and preventable, however provided that organizations cease counting on people to hold out what must be automated. Id is now not a background system. It is one of many major management planes in enterprise security. As assault surfaces broaden and menace actors turn into extra subtle, the automation hole turns into tougher—and riskier—to disregard.
Why the automation hole persists
Why do these handbook gaps nonetheless exist if automation is so important to identification security? They’ve emerged as a byproduct of fast progress, software sprawl, and fragmented infrastructure.
- Disconnected functions are in all places, they usually do not help the frequent identification requirements required for integration into current suppliers. A majority of enterprise functions fall into this class, and that quantity continues to develop. They span each enterprise operate and are filled with delicate information.
- IT & security groups assume instruments = protection. Environments at this time stretch throughout SaaS, cellular, cloud, and on-prem techniques. Shadow IT continues to develop sooner than anybody can observe, as every enterprise unit brings its personal stack. Reaching full management throughout all functions stays extremely elusive.
- Stopgap options do not scale. Password managers, handbook scripts, and different vaulting instruments are troublesome to take care of and infrequently create fragmented infrastructure. When integrations do not exist, they’re incessantly patched collectively—however these fixes are pricey to construct and fragile to maintain. What begins as a workaround rapidly turns into an ongoing operational burden.
Closing the automation hole
The excellent news: closing the automation hole does not require rebuilding or changing your identification stack. It means finishing it.
Ahead-thinking organizations are bringing automation to each nook of their software ecosystem with out ready for native integrations. Some groups are additionally exploring AI brokers to assist shut this hole. However belief continues to be evolving: 78% of security leaders say they do not belief AI to totally automate core identification duties—but 45% help a collaborative human-in-the-loop mannequin.
Cerby offers organizations with the pliability to help each approaches—assembly groups the place they’re and delivering automation the place it is wanted most.
Cerby’s analysis report, The 2025 Id Automation Hole, contains findings from 500+ IT and security leaders and sensible steps for closing one of the vital ignored dangers in enterprise security.
Obtain the complete report or schedule a 15-minute demo to see how Cerby brings automation throughout your complete identification floor.
