New research finds 38% of security leaders have experienced an identity-related incident with measurable financial or operational impact, yet 41% still have no defensible dollar estimate of their exposure.
Santa Clara, Calif. — June 10, 2026 — Axiad, a leader in identity security and identity risk intelligence, today released Blind Spots, a research report based on a survey of 312 senior security and IT leaders at U.S. enterprises with 500 or more employees. The findings reveal a consistent pattern: confidence in identity risk posture outpaces the ability to act on it when an incident actually occurs.
Nearly two-thirds of respondents (64%) said they have a complete, real-time picture of identity risk across their environment. Yet fewer than half (43%) said they could assess the full blast radius of a compromised, high-privilege account within minutes. The majority require hours or days, and a small share could not do it reliably at all.
"Believing you can see your identity risk surface is not the same as being able to act on it," said David Canellos, CEO at Axiad. "When an incident unfolds, organizations that need hours or days to understand the scope of exposure take the hardest hits. That gap between perceived visibility and operational readiness is exactly what this research quantifies."
The cost is not theoretical. More than a third of respondents (38%) reported experiencing an identity-related security incident with a measurable financial or operational impact. An additional 39% reported narrowly avoiding an incident but said remediation required significant unplanned resources to contain.
Few can put a number on the risk. Effective security investment requires quantifying exposure in financial terms. Yet 41% of respondents said they have no defensible, methodology-backed dollar estimate of their identity risk exposure. Even among those who claim a financial estimate, the data reveals a tension: “lack of financial context to justify remediation investment” ranks as the third-largest barrier to acting on identity risk gaps, suggesting many estimates aren't as actionable as they appear. And 34% say their existing tools surface issues but lack the context to prioritize by business impact, leaving security teams generating findings they cannot act on decisively.
AI is widening the gap. 85% of respondents expressed concern that AI-accelerated vulnerability discovery is outpacing their organization's ability to prioritize and respond, with more than half very or extremely concerned. The volume of findings is rising faster than human teams can manually triage them.
The market is ready to act. 94% of respondents said building a more complete, financially quantified view of their identity risk posture is a top or high priority in the next 12 months.
The full report, including findings on visibility, prioritization, and the barriers to acting on identity risk, is available at: https://engage.axiad.com/research-report-blind-spots
Methodology
The survey was commissioned by Axiad and conducted through Centiment, a B2B panel provider, in May 2026. It reached 312 senior security and IT leaders, including CISOs, CIOs, and VPs/Directors of Security and Identity & Access Management, at U.S. enterprises with 500 or more employees. Technology respondents were capped at approximately 20% of the sample to prevent vertical skew. All respondents confirmed direct involvement in evaluating, selecting, or overseeing identity security solutions.
About Axiad
Axiad is a leader in identity security and a pioneer of the Identity Visibility and Intelligence Platform (IVIP) category, delivering phishing-resistant authentication and identity risk intelligence for the modern enterprise. Axiad Mesh enables organizations to discover the full scope of their identity risk exposure, prioritize what to fix first with financial precision, and act with the speed and confidence the modern threat environment demands. Trusted by Fortune 500 companies and federal agencies, Axiad maintains a 95% customer retention rate. Learn more at axiad.com.
Media Contact
axiad@guyergroup.com