A Keeper Security survey at Infosecurity Europe 2025 reveals that identity-based attacks, such as phishing and credential stuffing, are the top cybersecurity concern. Despite growing AI threats, only 18% of organisations have fully implemented zero trust frameworks. The survey highlights gaps in privileged access management, with 43% failing to enforce Multi-Factor Authentication and 35% granting excessive permissions.
Identity-based cyber attacks have emerged as the foremost cybersecurity concern, underscored by rapidly evolving artificial intelligence threats, according to a recent survey conducted by Keeper Security at Infosecurity Europe 2025.
The survey, which gathered insights from 160 cybersecurity professionals attending the conference, reveals that nearly one in four respondents (23%) pinpoint identity-focused tactics, including phishing and credential stuffing, as the primary risk factors for major security breaches in the upcoming year. These findings emphasise a critical intersection between advanced AI-powered attacks and inadequate identity and access management controls.
Disconnect between AI preparedness and zero trust implementation
A significant finding from the survey indicates a pronounced gap in confidence levels regarding AI threat readiness between organisations that have adopted robust zero-trust frameworks and those lagging in this approach. Organisations with mature zero-trust models exhibited substantially higher confidence, with half of these respondents expressing full or partial assurance in their ability to manage AI-related threats. Conversely, entities lacking zero-trust strategies reported markedly lower confidence.
Despite recognising zero trust as a strategic priority, widespread adoption remains sluggish. Only 18% of surveyed professionals confirmed having highly effective zero-trust frameworks in place. Almost half (44%) of the respondents admitted either not initiating any zero-trust implementation or considering it irrelevant for their organisational context.
Budget constraints, insufficient executive support, and complexities associated with integrating zero-trust solutions into existing systems emerged as the primary obstacles.
Persistent gaps in Privileged Access Management (PAM)
The survey highlighted critical vulnerabilities and common oversights in Privileged Access Management (PAM).
Notably, 43% cited the failure to enforce Multi-Factor Authentication (MFA) as a significant weakness. Other prevalent errors included granting excessive permissions (35%), failing to revoke unnecessary access promptly (34%), lacking visibility into privileged accounts (30%), and the absence of dedicated PAM solutions (37%). Such shortcomings are further exacerbated by third-party access risks (35%) and inadequate auditing practices (30%).
AI seen as both threat and potential security enhancer
While AI is increasingly perceived as a potent threat vector, cybersecurity experts also view it as a transformative security solution. Over half (53%) of respondents predict AI-driven identity validation and authentication technologies will significantly reshape cybersecurity practices within the next three to five years, surpassing traditional methods such as passwords and quantum-resistant encryption.
However, preparedness remains concerningly low. Just 12% of respondents expressed full readiness to counter AI-enhanced cyber threats, with more than half displaying uncertainty or a lack of confidence.
This suggests an urgent need for increased awareness, education, and the accelerated adoption of sophisticated identity and access management strategies.
Divergent perceptions of AI risks
The survey exposed differing views between industry professionals and end users regarding AI threats. Although 53% of respondents believe media coverage exaggerates AI risks, cybersecurity experts maintain a more cautious stance. Only 24% of cybersecurity professionals consider these threats overstated, compared to 42% among end users. Significantly, 32% of end users remain undecided, pointing to a critical need for enhanced awareness initiatives.
Darren Guccione, CEO and Co-founder of Keeper Security, underscored the importance of addressing these emerging threats:
“The findings from Infosecurity Europe 2025 reinforce what we see everyday, AI is reshaping the threat landscape, and identity-based attacks are becoming more precise, scalable and damaging. Organisations that haven’t embraced zero trust and strong privileged access controls are falling behind, both in protection and in confidence.”
About Keeper Security
Keeper Security is a leading cybersecurity provider trusted by millions globally, including Fortune 100 companies. Its comprehensive cybersecurity platform, employing zero-trust and zero-knowledge Privileged Access Management, protects passwords, passkeys, privileged accounts, secrets, and remote connections. Keeper’s cloud-based solution integrates enterprise password, secrets, and connection management with zero-trust network access and remote browser isolation, ensuring robust security, visibility, compliance, and control.
Himani Verma is a seasoned content writer and SEO expert, with experience in digital media. She has held various senior writing positions at enterprises like CloudTDMS (Synthetic Data Factory), Barrownz Group, and ATZA. Himani has also been Editorial Writer at Hindustan Time, a leading Indian English language news platform. She excels in content creation, proofreading, and editing, ensuring that every piece is polished and impactful. Her expertise in crafting SEO-friendly content for multiple verticals of businesses, including technology, healthcare, finance, sports, innovation, and more.
