For many organizations, identity safety appears to be under control. On paper everything checks. But new Cerby studies, based on understanding over 500 IT and security leaders, discover another reality: too much depends on people – not systems – for functioning. Really, Less than 4% security commands are fully automated their basic identity work processes.
Basic workflows such as enrollment on multifactorial authentication (Foreign Ministry), keeping security accounts both in the course, and recalling access to the moment as someone leaves – often manual, inconsistent and vulnerable to mistakes. And when the safety implementation rests on memory or subsequent actions, the blanks appear quickly.
The human mistake remains one of the biggest threats to the security of the enterprise. The Verizon 2025 data violation report showed that the human element participated in 60% of violations. The same manual mistakes that led to a decade ago, still expose identity systems. Serbus 2025 identity automation break The research report shows how widespread the problem is – and how far the automation should go.
The last mile is still going on a human error
The data shows a constant dependence on a person’s actions for tasks that should be automated in the life -lobed identity safety cycle.
- 41% end users still share or update passwords by handUsing dangerous methods such as spreadsheets, electronic letters or chat tools. They are rarely updated or tracked, increasing the likelihood of abuse or compromise.
- Almost 89% of organizations count on users to handle the Foreign Ministry In the supplements, despite the fact that the Foreign Ministry was one of the most effective security control. Without forced execution, the defense becomes optional, and the attackers know how to use this inconsistency.
- 59% IT -Camland copes providing users and deprivation manuallyBased on ticket systems or informal subsequent access activities and removal. These workflows are slow, controversial and simple in view – protective organizations that are exposed to unauthorized access and compliance.
Organizations cannot afford to wait
The consequences are no longer hypothetical.
According to the Panemon Institute, 52% of businesses survived security violations caused by manual identity of work in disabled applications. Most of them were four or more. Down exposure was sensitive: 43% reported the loss of customers and 36% lost partners.
These failures are predictable and predictable, but only if the organizations stop relying on people to carry out what you need to automate. Identity is no longer a background system. This is one of the main management planes. As the surface surface expands, and the threatens become more sophisticated, the space in automation becomes harder and risky – ignore.
Why the automation space is stored
Why are these manual spaces still exist when automation is so important for identity safety? They appeared as a by -product of rapid growth, distribution and fragmented infrastructure.
- Disabled applications are there everywhere And they do not support the general standards of identity needed to integrate into existing providers. Most enterprise applications get into this category, and this number continues to grow. They cover each business function and stuffed with sensitive data.
- IT Safety Camps suggest tools = cover. The environment today is stretched on Saas, mobile, cloud and prem systems. The shadow he continues to grow faster than everyone can track, because every business unit brings his own stack. Achieving complete control in all applications remains very elusive.
- STOPGAP solutions are not scalable. Passwords, hand scripts and other vaults are difficult to support and often create fragmented infrastructure. If there are no integrations, they often scatter together, but these corrections are expensive for construction and tender. What begins as a solution quickly becomes a constant operational load.
Closing spaces in automation
Good news: The closure of the gaps in automation does not require the restoration and replacement of the identity stack. This means completing it.
Organizations that think forward bring automation to each corner of their ecosystem applications without waiting for their native integration. Some teams also study AI agents to help close this gap. But trust is still developing: 78% of security executives say they do not trust AI fully automate the basic identity tasks“It is 45% support the joint model of the person in the cycle.
Cerby provides organizations to support both approaches – combining the teams where they are, and provides automation where it is most needed.
Report by Serbian Research, Automation breaks of 2025 Identity AutomationIncludes the results of 500+ IT and security leaders and practical steps to close one of the most unpredictable enterprise safety risks.
Download full report or Plan a 15-minute demonstration To find out how Cerby brings automation across your identity surface.
