Enterprise Identity Management Flaws Expose Cyber Vulnerabilities
A joint study by the FIDO Alliance and HID reveals a sharp disconnect between perceived security readiness and actual access revocation failures.
- By Jesse Jacobs
- Jun 15, 2026
Enterprise confidence in workforce access management does not align with operational reality, according to a joint study released by the FIDO Alliance and HID.
The report, titled "The State of Physical and Digital Identity in the Enterprise," highlights systemic vulnerabilities in how organizations revoke physical building access and digital account privileges when employees depart. While 94% of surveyed IT and cybersecurity decision-makers expressed confidence in their ability to strip all access permissions within 24 hours of an employee's departure, 35% acknowledged experiencing direct delays or system failures when attempting to do so over the past two years.
This operational lag correlates with broader security issues, as 70% of the surveyed organizations reported suffering at least one identity-related security incident.
According to the data, the gap between perception and security posture stems largely from fragmented corporate governance and infrastructure complexity. Half of all surveyed enterprises lack a unified reporting hierarchy for physical and digital identity management, and only 48% maintain consolidated budget control over the two areas.
Infrastructure management is similarly fractured, with 59% of enterprises juggling three or more distinct credential and authentication systems. Additionally, 58% of respondents noted that managing digital identities grew more complex over the last two years.
The public sector exhibited the highest rate of identity-related security incidents among the industries surveyed, with 43% of government organizations reporting access revocation failures. The sector also has a 20% manual credential revocation rate, double the rate found in the commercial technology industry.
The research also tracked corporate adoption of phishing-resistant authentication methods. Although 93% of organizations have initiated passkey adoption strategies and 65% claim high technical familiarity with the technology, only 13% have deployed passkeys at scale across their entire workforce.
Mitigating the risk of phishing and credential-based data breaches remains the primary motivator for shifting to passwordless infrastructure, cited by 45% of respondents. Reducing IT helpdesk expenditures related to password resets followed closely at 44%.
The complete findings are available in the full identity report.