Ponemon survey exposes identity overconfidence

A stark disconnect between perceived identity security and operational reality has emerged from a Ponemon Institute survey of over six hundred IT leaders, which found that while a majority express high confidence in their access controls, 89% of enterprise applications operate outside the governance of centralized multifactor authentication platforms, according to Security Boulevard. The Cerby-commissioned research reveals that 77% of organizations have suffered at least one incident tied to these unmanaged "disconnected" applications in the past two years, with nearly 40% citing direct operational disruption. Compounding the visibility gap, almost two-thirds of respondents have failed audits related to shadow applications, yet manual processes remain the default for 60% of access changes. Cerby's chief strategy officer, Matt Chiodi, warned that this friction is unsustainable in an era where AI agents are not only multiplying the volume of non-human identities but also embedding themselves more deeply into critical business workflows. With over a quarter of firms reporting an increase in AI application deployment and some already exceeding one hundred instances, the survey underscores a growing chasm between the accelerating complexity of the identity fabric and the sluggish, manual governance mechanisms tasked with securing it.