Identiverse– The FIDO Alliance and HID, a global enabler of trusted identity solutions, today released The State of Physical and Digital Identity in the Enterprise, a new research report examining how organizations manage physical and logical access across their workforces.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260615358304/en/
Surveying 500 IT and cybersecurity decision makers across the US, Canada, UK, France, and Germany, the new study uncovered a significant disconnect between enterprise confidence in identity security and operational reality. While most organizations believe they can revoke all physical and digital access within 24 hours when an employee leaves, more than one-third report experiencing actual failures doing so, contributing to identity-related security incidents across the enterprise.
Key findings from the report include:
While confidence is high, so are security incidents
- 94% of organizations claim confidence that all physical and logical access can be revoked within 24 hours of an employee leaving.
- Yet 35% experienced delays or failures doing exactly that in the past two years — and 70% experienced at least one identity-related security incident overall.
Governance is fragmented
- Only 50% of enterprises have unified reporting ownership for physical and digital identity, and just 48% have consolidated budget control.
- Finance is the most governance-fragmented sector, with 34% operating fully separate reporting structures despite operating under stringent regulatory access-control obligations.
Complexity is growing, and enterprises manage three separate systems on average
- 59% of enterprises manage three or more distinct credential and authentication systems.
- 58% say managing digital identity has become more complex over the past two years.
The Public Sector carries the highest incident rate of any industry
- The sector has the highest identity security incident rate of any industry, with 43% experiencing access revocation failures.
- It has a 20% manual credential revocation rate, which is more than double the IT/Technology sector.
The passkey adoption must scale to protect businesses
- 93% of organizations are at some stage of passkey adoption and 65% report high or expert technical familiarity.
- However, only 13% have deployed passkeys at scale, explaining why organizations experience such high levels of security incidents.
Phishing-resistant authentication is a top business priority
- The leading driver for moving to passwordless authentication is reducing phishing and credential-based breach risk (45%), followed by reducing IT costs from password resets and help desk load (44%).
“The story in this data isn’t about awareness, it’s about execution. Ninety-three percent of organizations are on the passkey journey, but only 13% have deployed at scale, and the security incident rates reflect that gap directly,” said Andrew Shikiar, executive director and CEO of the FIDO Alliance. “Phishing-resistant authentication only delivers its full protective value when deployment is comprehensive rather than selective – because threat actors don’t limit themselves to the parts of the organization that are already protected.”
“Identity security is no longer just an authentication challenge; it is an enterprise governance challenge. As organizations adopt passkeys, a unified approach to managing physical and digital identity becomes critical. This research shows that fragmented governance, disconnected systems and limited visibility create real business risk. HID is closing that gap by bringing credentials, access rights and lifecycle management together to enable faster, more confident access decisions,” said Sean Dyon, Vice President of the Authentication Business Unit at HID.
The full report is being launched at Identiverse 2026. Visit FIDO Alliance at booth 252 and HID at booth 800 from June 15-17.
Notes to editors:
- The survey was conducted among 500 IT and cybersecurity decision makers (Manager and above) in Finance, Healthcare, Public Sector, Manufacturing, and IT/Technology, across the US, Canada, UK, France, and Germany. All respondents worked at organizations with 150 or more employees.
About FIDO Alliance
The FIDO Alliance (www.fidoalliance.org) enables identity technologies that put trust and simplicity at the centre of interactions among people, services, and devices. The Alliance publishes open technical specifications, certifies secure and interoperable products, and operates global market enablement programmes.
About HID
HID powers the trusted identities of the world’s people, places and things. We make it possible for people to transact safely, work productively and travel freely. Our trusted identity solutions give people convenient access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people around the world use HID’s products and services to navigate their everyday lives, and billions of things are connected through HID’s technology. We work with governments, educational institutions, hospitals, financial institutions, industrial businesses and some of the most innovative companies on the planet.
Headquartered in Austin, Texas, HID has over 4,500 employees worldwide and operates international offices that support more than 100 countries. HID is an ASSA ABLOY Group brand. For more information, visit www.hidglobal.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260615358304/en/
Media gallery
