A new global report from RSA, the security-first identity leader, reveals that identity caused both more frequent and more expensive data breaches this year than last. The 2026 RSA ID IQ Report reveals critical insights from more than 2,100 cybersecurity, identity and access management (IAM), and IT professionals on how frequently identity fails organizations, the financial impacts their organizations suffered when it did, attitudes on AI’s cybersecurity potential, the factors limiting the growth of passwordless authentication, and more. The report also details key differences that set Japanese organizations apart from the rest of the world.

“The 2026 RSA ID IQ Report underscores that identity simply fails too many organizations too often,” said RSA CEO Greg Nelson. “The likelihood of a breach—and the cost of inaction—are too high for leaders to tolerate the status quo.”

Marketing Technology News: MarTech Interview with Julian Highley, EVP, Global Data Science & Product @ MarketCast

Key findings include:

• Identity breach frequency surged: 69% of global organizations experienced an identity-related breach in the last three years, a 27-percentage-point increase year-over-year. That 64% relative increase suggests either a surge in successful identity attacks, better detection or reporting, or both. In either case, the report shows that the identity risk environment has become even more dangerous.
• Identity breach costs escalated: 45% of organizations said that the cost of an identity-related breach exceeded the typical cost of a breach as defined by IBM. Notably, 24% of organizations said costs exceeded $10M, a three-percentage-point year-over-year increase since the previous year’s survey.
• Japan fears phishing more than any other country: 71% of Japanese respondents listed phishing as the top threat facing their organization, far ahead of the global average. This may be in part because of how frequently Japanese users must resort to manual passwords.
• Passwordless adoption faces hurdles: 90% of organizations reported challenges in moving toward passwordless authentication. This struggle is reflected in user behavior, as 57% still don’t use passwordless as their primary authentication method. Japan lags in passwordless adoption, with 62% of organizations there saying users needed to type in their credentials for work more than six times every day.
• Cybersecurity’s AI optimism & adoption: The cybersecurity sector is largely optimistic about AI, with 83% expecting it to benefit cybersecurity more than it will benefit cybercrime in the next three years. This optimism translates into action: 91% of organizations plan to implement AI in their tech stack this year, marking a 12-percentage-point increase year-over-year.

Marketing Technology News: Martech & the ‘Digital Unconscious’: Unearthing Hidden Consumer Motivations

“The 2026 RSA ID IQ Report underscores that identity simply fails too many organizations too often,” said RSA CEO Greg Nelson. “The likelihood of a breach—and the cost of inaction—are too high for leaders to tolerate the status quo. Instead, these new findings should urge organizations to act quickly to keep themselves secure.”

“Identity-related breaches exploded in 2026, jumping from impacting 42% of organizations to 69% in just one year, with help desk social engineering emerging as a major new attack vector,” said RSA Chief Marketing and Growth Officer Laura Marx. “It’s urgent that leaders use this data to assess their identity capabilities and prioritize the actions to stay safe.”

“The 2026 RSA ID IQ Report details how Japanese organizations differ from their global peers, including where we lead, where we trail, and the areas where we can improve,” said RSA APJ North Regional Director Hirofumi Yatsuzuka. “Security leaders working in Japan should download the report to learn the global trends shaping identity security and the local distinctions that set Japan apart.”