The industry speaks: Identity Management Day 2025

We are entering what I call “The Identity Renaissance”, a transformative era where innovative, secure and user-friendly technologies like phishing-resistant FIDO passkeys are rewriting the authentication rules. This isn’t just about enhancing security, it’s about creating a foundation for growth, resilience and improved experiences for employees and customers.

I believe HR has a chance to take the lead in this transformation, but it cannot occur in isolation. By collaborating with security and identity teams, we can embrace identity-first strategies that safeguard sensitive data while enhancing onboarding, access and overall experiences.

The stakes have never been higher and neither has the opportunity. Let’s embrace The Identity Renaissance, confront these threats head-on, and drive innovation to safeguard our organisations while fuelling future growth.

Ofer Friedman
Chief business development officer at AU10TIX

VIEW ALL

Effective identity management requires effectiveness of the initial process that grants people access to organisations, services and resources. If a bad actor successfully sneaks in, then from that point on, that person is trusted by any AIM platform. Nobody wants to let Trojan horses in, even if they do not misbehave immediately.

But not all identity verification services are born equal, even if on the outside they seem to be performing similar actions. In other words, effective identity management starts with making sure that the right people are verified and entitled to access. In 2025, an effective identity verification service must be built with paranoia. It’s no longer about identity verification; it is about identity risk.

Patrick Harding
Chief product architect at Ping Identity

Identity Management Day takes on a whole new meaning this year as individuals and organisations find themselves not only responsible for managing human identities but also increasingly tasked with overseeing AI, as it assumes agentic roles on behalf of humans. The impact AI will have on identity is far greater than we anticipate. For that reason, it’s important for businesses and individuals to ensure their security practices keep pace with the rapid evolution of technologies like AI. Leaning into approaches like zero trust architectures and decentralised identity models is that much more critical in a digital-first world.

As AI attacks target centralised repositories of personal data and look to mimic trusted users, it’s imperative to ensure data isn’t gathered in one vulnerable location and every user is verified, regardless of who they are or claim to be. As the way we work changes, it’s critical we secure our workforce, build customer trust, and deliver the seamless and secure digital experiences individuals deserve.

Morey Haber
Chief security adviser at BeyondTrust

Identity Management Day emphasises the critical need for proactive digital identity protection from both human and non-human threats. If we consider the sheer volume of cyber attacks impacting everyone on a daily basis, individuals and organisations must move beyond reactive security measures towards dynamic authentication, privileged assessments and continuous user education. It is a day to remind us that we can be in charge of our own identity risk posture, and through implementing identity security best practices, minimise the risks to ourselves and our businesses.

Ezzeldin Hussein
Senior director, solutions engineering, at SentinelOne

In today’s interconnected world, digital identities are the keys to everything – from accessing business applications to safeguarding personal data. Yet, identity-related breaches remain one of the most exploited attack vectors, making identity management a critical pillar of cyber security.

Identity security is not just about access; it’s about trust, accountability and resilience. In a world where identities are the new perimeter, protecting them is protecting everything. On Identity Management Day, let’s reinforce the importance of securing credentials, enforcing least privilege and building a culture of cyber awareness. Let’s commit to better identity security practices, educate users on password hygiene and phishing threats, and work together to build a safer digital world. Because when identities are secure, everything else falls into place.

Phil Swain
Chief information security officer at Extreme Networks

A top priority for businesses today is identifying key risks and accelerating security response times. With AI shortening attack cycles, security teams must shift from responding in days or weeks to hours or minutes. Rapid detection, alerting and response mechanisms are essential to staying ahead of evolving threats.

Employee education also plays a crucial role in cyber security. No matter how many security controls are in place, human error remains a major vulnerability – employees can still open phishing emails, click on malicious links and use weak passwords. Organisations must focus on educating employees to minimise these risks while maintaining productivity.

Fabio Fratucello
Field CTO World Wide at CrowdStrike

Today’s adversaries aren’t breaking in – they’re logging in.

Attackers have shifted from traditional malware-based methods to exploiting identity gaps and using stolen credentials to silently infiltrate environments. Once inside, they operate as legitimate users, bypassing legacy security tools and moving laterally across identity, endpoint and cloud domains. As highlighted in CrowdStrike’s 2025 Global Threat Report, 79 per cent of initial access is now malware-free and access broker activity has surged by 50 per cent year over year. The reality is that traditional security measures, previously effective against malware-driven attacks of the past, are now inadequate.

Identity Management Day is a timely reminder for organisations to reassess their identity security posture and take a proactive, identity-first approach to defence. This includes implementing zero trust principles, ensuring identities are continuously monitored, hardening authentication with MFA and passwordless authentication, deploying AI-powered threat detection and intelligence, and eliminating unnecessary access privileges. Additionally, organisations need a unified security platform – powered by real-time intelligence – that correlates identity, cloud and endpoint activity to provide comprehensive visibility across domains and eliminate blind spots. With an identity-centric security strategy and unified security platform in place, organisations can focus on stopping the breach.

Norbert Kiss
Senior vice president - APAC at Delinea

Identity Management Day is a timely reminder of how identity is more than just user credentials. Machine identity should also be considered.

With machine identities now outnumbering user credentials by a factor of 46 to 1, they are now the biggest risk in the identity space.

This represents an expanded attack surface, and the rise of AI is accelerating the speed and precision of attacks. With machine identities set to surpass 45 billion by the end of 2025, cyber criminals are increasingly exploiting non-human access to move through systems undetected. Yet many organisations still focus almost entirely on human credentials, leaving a changing attack surface exposed and often overlooked.

Securing identity now means securing everything – people, systems, applications and automated processes. That starts with limiting standing privileges, continuously verifying access and gaining visibility across every identity in the environment. Machine identities are no longer a future issue, they are already reshaping how breaches happen. Identity is now central to an organisation’s security strategy.

Erich Kron
Security Awareness Advocate at KnowBe4

Identity Management Day reminds us that protecting employee identities is essential. As cybercriminals increasingly leverage sophisticated tactics like credential stuffing and social engineering, even minor vulnerabilities can be exploited. The reuse of passwords remains a key enabler as once a single set of credentials is compromised, attackers can rapidly infiltrate multiple systems. That’s why organisations must stress the importance of strong, unique passwords and encourage the use of password managers. But technology alone isn’t enough. Continuous education through security awareness training empowers employees to spot phishing and other identity-targeted threats before they cause harm. Building a culture of mindfulness and making it easy for staff to report suspicious activity are also key. Ultimately, protecting digital identities is a shared responsibility and everyone must play a part in keeping organisations secure.”

Andrew Black
Managing Director, ConnectID

It's hard to say precisely how much cybercrime is linked to identity theft, but the estimates are staggering. Some put the global cost of identity fraud as high as US$50 billion or nearly $80 billion. Stolen identities play a central role in scams, fraud, and unauthorised access to data, all of which are expected to contribute losses in the trillions of dollars this year.

In Australia, an estimated 255,000 people experienced identity theft between July 2023 and June 2024 according to the Australian Bureau of Statistics, highlighting the growing threat of identity-related crime. That's why Identity Management Day matters. Established in 2021, it raises awareness of just how central identity is to our lives and how vulnerable it can be without proper protection.

With all services now online, managing our identities has become perhaps the most critical aspect of self-protection and increasingly complex.

We routinely share our data and IDs online, whether this be signing up for a new platform, applying for a rental property or onboarding for a new job. Each of these actions involves sharing personal information across multiple companies. This creates a significant vulnerability, as each organisation now holds fragments of our most sensitive data, increasing the risk of exposure in the event of a breach.

Taking steps to manage and secure your identity data is not the responsibility of the individual alone. We need better digital identity infrastructure systems that minimise data sharing and allow people to prove who they are without excessive disclosure.

We need standards that prioritise privacy and security. We need businesses and governments to collaborate to make sharing our identity safe, consistent, and user controlled.

Identity Management Day might not grab headlines. But it should, because a safer digital economy begins with identity being protected.