A recent report by Cerby, titled “The 2025 Identity Automation Gap,” reveals significant challenges in automating core identity workflows within organizations. Our industry-leading research captured intelligence from more than 500 IT and security leaders. It underscores a major and vexing weakness in enterprise security that has survived both the test of time and technology.
Unfortunately, the research results paint a different picture, revealing that fewer than 4% of security teams have completely automated the core identity workflows. This manual process creates hidden and significant risk to organizations including business continuity, regulatory, and reputational risk. Alarmingly, 39% of end users are still manually sharing or updating passwords. They usually default to old-school solutions, such as spreadsheets, emails or chat applications. These practices not only raise the risk of breaches but chip away at a foundational aspect of an organization’s security infrastructure—security hygiene.
The report highlights the economic cost of identity-based harassment and discrimination. Data further indicates that 43% of organizations have lost customers due to these issues, which includes inaccurate listings. In addition, 36% have suffered partner losses directly related to inequitable or unsafe circumstances. These startling statistics illustrate the dire need for strong identity management practices. In today’s increasingly complex and dynamic digital ecosystems, this requirement cuts across SaaS, mobile, cloud, and on-premises environments.
Even with all the risks of going manual widely known, organizations still turn to manual processes. For example, 59% of IT teams still provision and deprovision users manually. They frequently have to depend on ticketing systems or casual check-ins to make it happen. Almost 89% of organizations depend on users to take the initiative and turn on multi-factor authentication (MFA) in their applications. This dependence proves it poses major security threats.
The manual persistence of these missteps goes to rehash the very issues that afflicted identity systems more than ten years ago. As organizations continue to fight more sophisticated threats, the case for automation in identity workflows has never been stronger. The survey found that 78% of security leaders express skepticism about relying solely on artificial intelligence for automating these core identity tasks.
Rather than replacing humans, 45% of security leaders support a collaborative human-in-the-loop model for identity automation. This strategy attempts to pair the operational efficiency of automation with the accountability and decision-making afforded by human experience.