Report: Enterprises Are Losing Nearly Half a Day on Every Critical Identity Alert

Enterprises are losing nearly half a day on every critical identity alert — and that delay is giving attackers a dangerous head start. A new study from the Enterprise Strategy Group (ESG) and Teleport reveals that it takes an average of 11 hours for security teams to investigate and remediate a single identity-related incident. In the age of AI, that gap has become more than a nuisance. It is an open invitation to attackers who can move laterally across systems in minutes.

The AI Identity Problem

Identity was already a fragmented landscape. Cloud platforms, developer tools, databases, and infrastructure each come with their own identity providers and access models. Adding AI into the mix creates a new kind of identity that often comes with over-privileged access to sensitive data. Nearly half of businesses in the study have already deployed AI agents, and more than half of respondents flagged data privacy as their top concern.

Ev Kontsevoy, CEO of Teleport, which sponsored the study, warned that AI is accelerating the economics of attacks. “When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn’t good enough. As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase. We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.”

A Growing Target on Credentials

The ESG research highlights that static credentials — passwords, API keys, and other reusable secrets — remain an easy prize for cybercriminals. Credential theft now accounts for one in five data breaches. The number of compromised credentials has spiked 160 percent this year, adding fuel to the fire for attackers who thrive on impersonation.

Too Many Tools, Too Little Clarity

Fragmentation extends beyond identities themselves. On average, security teams juggle 11 different tools to trace and investigate identity-related issues. That patchwork approach leaves blind spots that adversaries exploit.

“Most cybersecurity solutions only see part of the picture,” said Todd Thiemann, principal analyst at Enterprise Strategy Group. “Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems. Each application expands a company’s security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools. This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties.”

A Push for Unified Identity

Teleport is betting that the solution lies in consolidating identity into a single, cryptographic model. Kontsevoy argues that security teams need immediate answers to fundamental questions: who accessed a database, with what permissions, whether the behavior was anomalous, and what the identity did across multiple platforms.

“The blind spots created by complex IT aren’t just a danger to security. They’re bottlenecking the productivity of engineers and security professionals,” he said. “To answer these questions, we need a different approach to cybersecurity, one that isn't based on secrets and siloed identities, but on combining unified, cryptographic identity with just-in-time access. That’s how we minimize the attack surface.”

Teleport recently introduced Identity Security, which it describes as the industry’s first system to provide “full identity chain observability.” Instead of spending hours piecing together logs from disparate systems, the platform promises to surface risky activity in minutes.

Why It Matters

As enterprises deepen their reliance on AI and cloud services, identity has become the connective tissue of digital security. The ESG study makes clear that the current model — fragmented tools, static credentials, and delayed investigations — is unsustainable. Attackers are moving faster than defenders can respond, and without unified visibility, organizations risk letting identity become their biggest vulnerability.