The transition to automation throughout history — be it water wheels, mills, steam engines, or microprocessors — is not necessarily a smooth or immediate change.Hence, as enterprises move toward making their identity access management (IAM) platforms more automated, it is perhaps not surprising that there is a substantial delay in making that happen. Indeed, since most security experts agree that human involvement compromises IT security and workflows, the transition to more automated IAM solutions is practical and responsible (as well as efficient).The reality is that these changes take time — and many of these “workflows are still manual, which makes them unreliable, error-prone, and risky,” according to recent research from Cerby.Indeed, fewer than 4% of enterprise security teams have fully automated their core identity workflows, according to Cerby’s "The 2025 Identity Automation Gap." Cerby’s report is based on surveys from 500+ IT and security leaders and offers practical steps for closing one of the most overlooked risks in enterprise security. Human action still compromises security, according to security experts. Furthermore, disconnected applications and fragmented identity systems have created a widespread automation gap, which creates more widespread cybersecurity risk throughout enterprises.“Core workflows, like enrolling in multi-factor authentication (MFA), keeping credentials secure and up to date, and revoking access the moment someone leaves — are often manual, inconsistent, and vulnerable to error,” according to Cerby. “And when security execution relies on memory or follow-up, gaps appear fast.” Indeed, three out of five (60%) enterprise security breaches involved a “human element”, according to the most recent Verizon 2025 Data Breach Investigations Report. According to the Cerby research report, organizations rely far too much on human operators for identity security, instead of more reliable and efficient automation:41% of end users still share or update passwords manually, using insecure methods like spreadsheets, emails, or chat tools. They are rarely updated or monitored, increasing the likelihood of credential misuse or compromise. Nearly 89% of organizations rely on users to manually enable MFA in applications, despite MFA being one of the most effective security controls. Without enforcement, protection becomes optional, and attackers know how to exploit that inconsistency. 59% of IT teams handle user provisioning and deprovisioning manually, relying on ticketing systems or informal follow-ups to grant and remove access. These workflows are slow, inconsistent, and easy to overlook — leaving organizations exposed to unauthorized access and compliance failures. More than half of all enterprises have experienced a security breach due to manual cybersecurity protections, which do not fully connect with all applications, according to research from the Ponemon Institute.
Identity, SSO/MFA
Enterprise security risk increases as transition to IAM platforms lag

(Adobe Stock)
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds