Survey Exposes Critical Gaps in Identity Disaster Recovery Testing
A new global survey has uncovered alarming deficiencies in how organizations handle identity disaster recovery, with over 75 percent failing to test their plans within the recommended six-month timeframe. Conducted by Quest Software, a leading data management and cybersecurity firm, the study polled 650 IT and security leaders worldwide, revealing that only 24 percent of companies adhere to the biannual testing guideline, while another 24 percent never test their disaster recovery strategies at all.
Rising Threats and Identity Sprawl Complicate Security
The findings highlight the growing challenges posed by identity as the primary attack surface, exacerbated by the sprawl of identities across on-premises, hybrid, and cloud environments. This complexity is intensified by the surge in AI-driven attacks, such as model theft and automated assaults, which have led to a 57 percent increase in security incidents linked to AI usage, according to a Microsoft study. Additionally, the rapid proliferation of non-human identities, estimated at an 82:1 ratio compared to human identities, has outpaced visibility and management capabilities, making identity security increasingly difficult for organizations to maintain.
Key Insights from the Quest Software Survey
The survey identified several critical trends in Identity Threat Detection and Response (ITDR):
- Testing Deficiencies: Merely 24 percent of organizations test disaster recovery every six months, with an equal percentage never conducting tests.
- AI Confidence: 79 percent of respondents express confidence that AI tools can enhance ITDR effectiveness.
- Security Challenges: In a multiple-choice selection, 51 percent cited non-human identities as the most difficult to secure, followed by third-party accounts (49 percent), service accounts (47 percent), and legacy systems (46 percent).
- Proactive Drivers: 78 percent indicated that proactive threat management is the primary motivator for implementing ITDR.
Since last year, there has been a notable increase in ITDR adoption, with 57 percent of organizations now having a practice in place, up from 48 percent. Similarly, 92 percent acknowledge the benefits of ITDR, compared to 84 percent in the previous survey.
Expert Commentary and Industry Recommendations
Michael Laudon, chief product and technology officer at Quest Software, emphasized the interconnected nature of identity security challenges. "Identity systems are at the center of most environments, connecting users, applications, data, automation, and cloud services," he stated. "When compromised, attackers gain immediate access and control, yet many organizations lack full visibility and struggle to validate recovery processes adequately."
The survey also points to an overreliance on preventative controls, with insufficient focus on response and recovery readiness. To address this, industry frameworks like the NIST Cybersecurity Framework, which emphasizes identify, protect, detect, respond, recover, and govern components, are recommended. Gartner's 2025 report advises organizations to adopt this framework to enhance cybersecurity and resiliency.
Quest Software's Role in Strengthening Security
Quest Software offers solutions that defend critical identity assets across platforms like Active Directory and Entra ID, automating recovery 90 percent faster and improving mean time to response by 44 percent. Recognized by Gartner in its 2025 report, Quest's ITDR portfolio helps organizations reduce risk, protect hybrid identity infrastructures, and respond swiftly to threats, potentially saving millions in downtime costs.
