How Can We Manage Identity in an Age of Cyber Threats?
Microsoft
The 2025 Microsoft Digital Defense Report highlights a critical era in cybersecurity where digital transformation and AI acceleration have created a volatile threat environment.
As fintechs continue to propel forward with identity and access management at the forefront of their strategy, cyber threats have become more prevalent than ever.
Cyber threats are transitioning from technical business hurdles to societal risks that challenge economic stability in financial services.
The report identifies that while traditional perimeter defences are no longer sufficient, AI is both a defensive necessity and a primary target for adversaries using techniques like prompt injection.
“As digital transformation accelerates, supercharged by AI, cyber threats increasingly challenge economic stability and individual safety,” says Amy Hogan-Burney and Igor Tsyganskiy.
Most cyberattacks are now financially motivated rather than driven by espionage, with data exfiltration appearing in 82% of observed ransomware incidents.
- 47% of initial access methods were attributed to the “ClickFix” social engineering technique in 2025.
- AI-automated phishing emails have a 54% click-through rate, compared to only 12% for standard attempts.
- 0.04% of network identifiers account for more than 80% of malicious password spray activity.
- 40% of ransomware attacks involve hybrid components – increasing from less than 5% two years ago.
- 19% of post-compromise incident response engagements identified destructive or human-operated ransomware.
Identity remains the top attack vector, forcing a shift towards phishing-resistant multifactor authentication (MFA) and zero trust principles.
Geopolitical tensions are fuelling state-sponsored activity, particularly from Russia, China, Iran and North Korea – all of which are increasingly utilising the cybercriminal ecosystem for scale.
The report advocates for international collaboration, regulatory harmonisation and “resilience by design” to secure critical infrastructure.
Ultimately, the report serves as a call to mobilise against a rising tide of threats through innovation and partnership.
- Achieve complete quantum readiness through integrating post-quantum cryptographic algorithms
- Deploy intelligent guardian agents with visibility into internal reasoning to protect AI models
- Strengthen European digital infrastructure through a dedicated security programme.
Entrust
Entrust, a global leader in identity solutions including KYC, has released its Entrust Identity Fraud Report 2026.
The study examines the escalating scale and complexity of global fraud, primarily driven by the professionalisation of crime and advances in Gen AI.
The study analyses more than one billion identity verifications across 195 countries, noting that the average fraud rate rose to 3.1% in 2024.
Key findings highlight that fraudsters now target identity elements, prevention systems and people through psychological manipulation.
Similarly, deepfakes have also become a significant threat – now linked to one in five biometric fraud attempts.
- 35% of document fraud attempts were attributed to digital forgeries in 2025
- 60% of all deepfake fraud specifically targets the cryptocurrency sector
- 82% of attempts target the authentication process in the payments industry
- Losses in the US reached US$15.6bn because of account takeover fraud in 2024
- Less than 0.1% of fraud rate achieved through using the Motion Liveness active verification solution
Document fraud remains persistent, with national ID cards accounting for 46% of fraudulent submissions.
The report also identifies a 40% year-on-year increase in injection attacks, which bypass cameras to feed falsified media directly into systems.
“In today’s AI-driven landscape however, that trust can no longer be taken for granted.” notes Shira Rubinoff, CEO of The Cybersphere Group.
The industry is shifting towards “fraud-as-a-service”, where organised rings operate 24/7, peaking when regional defences are offline.
Geographically, the Americas experienced the highest fraud rates at 4.3%.
To counter these threats, the report advocates for a multi-layered, AI-driven defence strategy that secures every stage of the identity lifecycle.
- Strengthen defences across every point of the identity lifecycle to counter Gen AI accessibility
- Utilise randomised motion prompts to make it harder for fraudsters to script or control biometric processes
- Deliver continuous innovation based on global reach and deep fraud intelligence
IBM X-Force
The IBM X-Force Threat Intelligence Report dives into how the cybersecurity landscape has evolved in the face of emerging threats, specifically naming AI.
Stating also that many compromises have been made due to “lapses in cybersecurity hygiene”, it finds that new threats from AI are competing with existing issues such as weak authentication practices, misconfigured access control and insufficient vulnerability management were also cause for concerns.
These practices ultimately make financial institutions, among any business, more vulnerable to a cyber attack or data breach.
The team at IBM utilise observations such as X-Force’s tracking of nearly 40,000 vulnerabilities in 2025 to provide insights on how threat actors impact a business, their behaviour upon entry and how they get in.
- >300,000 ChatGPT credentials were observed for sale on the dark web, enabled by infostealer malware.
- 44% - the rise in observable exploitation of public-facing applications as an initial access vendor in 2025, as the result of supply-chain attacks targeting trusted infrastructure and development environments.
- 56% of the 40,000 tracked vulnerabilities did not require authentication for an attacker to exploit.
- 27% of fraud incidents were in the finance and insurance sector, rising from 23% in 2024. The Manufacturing sector beats this by only a few tenths, rising to the top with 27.7%.
“Attackers aren't reinventing playbooks, they're speeding them up with AI,” notes Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM.
“The core issue is the same: businesses are overwhelmed by software vulnerabilities.
“The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact.
“Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.”
The report highlights several features which can contribute to ineffective defence.
The warning is clear – identity protection, secure configuration and visibility, cloud environments and development pipelines are “central” to cyber resilience.
By strengthening these areas, institutions can boost cyber resilience while attackers continue to refine tactics such as supply chain and credential-driven operations, ensuring they retain the most “effective” defence.
- Treating identity as critical infrastructure
- Embedding identity controls in application and API security to prevent identity-aware access policies from posing as a weakness
- Prioritising AI platform security.
