Survey Exposes Critical Gaps in Identity Disaster Recovery Testing
A recent global survey has uncovered alarming deficiencies in how organizations handle identity disaster recovery, with more than 75 percent failing to test their plans within the recommended six-month timeframe. Conducted by Quest Software, a leader in data management and cybersecurity, the study involved 650 IT and security leaders worldwide, highlighting widespread neglect in this crucial area of cybersecurity.
Key Findings on Disaster Recovery Practices
The State of ITDR survey revealed that only 24 percent of organizations adhere to the best practice of testing disaster recovery every six months. Shockingly, another 24 percent admitted they never test their plans at all. This lack of regular validation comes at a time when identity has become the primary attack surface, exacerbated by the sprawl of identities across on-premises, hybrid, and cloud environments.
Michael Laudon, chief product and technology officer at Quest Software, emphasized the severity of the issue: "Identity systems are at the center of most environments, connecting users, applications, data, automation, and cloud services. When compromised, attackers gain immediate access and control, hindering rapid response and recovery."
Rising Threats from AI and Non-Human Identities
The survey also pointed to growing complications from AI-driven attacks, such as model theft and automated assaults, which have led to a 57 percent increase in security incidents linked to AI usage, according to a Microsoft study. Additionally, the rapid expansion of non-human identities has created visibility challenges, with an estimated ratio of 82 machine identities to every human identity, making security management increasingly difficult.
Key statistics from the Quest Software survey include:
- 79 percent of respondents expressed confidence that AI tools could improve Identity Threat Detection and Response (ITDR) effectiveness.
- 51 percent identified non-human identities as the most difficult to secure, followed by third-party accounts (49 percent), service accounts (47 percent), and legacy systems (46 percent).
- 78 percent cited proactive threat management as the main driver for implementing ITDR programs.
Progress and Opportunities in ITDR Adoption
Despite the challenges, the survey noted some positive trends. Since last year, 57 percent of organizations now have an ITDR practice in place, up from 48 percent. Moreover, 92 percent agree on the benefits of ITDR, compared to 84 percent previously. However, many organizations still over-rely on preventative controls while neglecting response and recovery readiness, presenting an opportunity for enhancement through frameworks like the NIST Cybersecurity Framework.
Quest Software's solutions, recognized by Gartner in its 2025 report, help organizations automate recovery 90 percent faster and improve mean time to response by 44 percent, potentially saving millions in downtime costs. As identity security challenges continue to grow, regular testing and robust ITDR practices remain essential for resilience in an evolving threat landscape.
