Cybersecurity is often viewed as a technical challenge, but the truth is that it is a societal one. It requires a comprehensive approach that goes beyond individual security practices and addresses the broader societal implications of cyber threats. Two new reports have shed light on the dissonance between perceived security and actual preparedness, revealing a disturbing trend that highlights the urgent need for a more holistic approach to cybersecurity.
Awareness of Cyber Threats
The Iris consumer-focused Identity & Cybersecurity Concerns Survey and Delinea Labs’ Cybersecurity and the AI Threat Landscape report underscore that people are more aware of cyber threats than ever before. Ninety-one percent of respondents in Iris’ survey cited AI as a significant threat to personal information, and the anxiety surrounding AI is particularly acute among women.
Behavioral Response
Despite this high level of awareness, the behavioral response remains insufficient. Only 30 percent of respondents reported following all recommended cybersecurity practices, despite deep concerns about data breaches, compromised passwords, and fraud. This is particularly alarming, as it suggests that people are aware of the risks but are not taking adequate action to protect themselves.
Awareness vs. Action
The gap between awareness and action is further exacerbated by the fact that most respondents described themselves as feeling only “somewhat secure” while using their digital devices. This sense of unease reflects the dissonance between what people know and what they do.
The Reality of AI-Generated Cyber Threats
The reality of AI-generated cyber threats is stark. According to Delinea Labs’ report, AI is not just accelerating existing cyber threats but is completely redefining them. AI-generated phishing, deepfake impersonations, and automated ransomware are rapidly becoming the norm.
Phishing Attempts and Deepfakes
Phishing attempts increased by over 200 percent in 2024, and credential phishing surged by 703 percent. Deepfake attacks are now occurring every five minutes around the world. One notorious case involved a finance employee of British engineering giant Arup transferring $25 million after being duped by a deepfake impersonation of the company’s CEO during a video call.
Financial Institutions vs. Dedicated Cybersecurity Providers
Despite the reality of AI-generated cyber threats, most consumers still turn to their banks or credit card companies rather than dedicated cybersecurity providers when confronted with a data breach. Iris’ survey revealed that 46 percent would contact their financial institution compared to just 19 percent who would reach out to a cybersecurity provider.
Opportunities for Embedded Protection
There are significant opportunities for embedded protection, which could address both the accessibility gap and trust deficit. The Iris Chief Technology and Product Officer Erik Nienaber emphasized that consumers shouldn’t have to navigate a labyrinth of products to stay protected.
Seamless Security Integration
Instead, the goal should be seamless, behind-the-scenes security that is integrated into daily workflows and built into the systems people already rely on. Nienaber explained that Iris’ identity and cyber protection suite has been designed with this idea in mind, allowing partners to seamlessly integrate proactive security into the systems their customers already use.
The Delinea Report
The Delinea report highlights the growing attack surface of identity systems, particularly those involving Non-Human Identities (NHIs), digital accounts used by apps, APIs, and services. For every human identity, there are 46 NHIs, and over 70 percent are not rotated according to security best practices.
Identity System Failures
Failures in identity protection aren’t just theoretical. The Snowflake breach in 2024 – one of the biggest breaches last year – exploited stolen credentials from an employee account lacking multi-factor authentication (MFA). This single vulnerability led to the exposure of data from multiple high-profile clients that affected hundreds of millions of consumers.
Ransomware Attacks
Windows’ Active Directory, the backbone of access management for many enterprises, was the target of nine out of 10 ransomware attacks in 2024, according to Delinea. Attackers increasingly are using AI to probe weaknesses, bypass MFA through fraudulent push notifications, and exploit identity provider systems. MFA itself was implicated in nearly half of all incidents, often due to misconfiguration or user error.
Coordination and Proactive Defenses
The stress of recovering from identity fraud is immense, and the fact that only 5 percent of recent victims received help from an identity protection provider highlights a striking underutilization of available support. Iris CEO Paige Schaffer emphasized that consumers shouldn’t be left to navigate these complex threats alone.
Identity-First Security Strategies
Delinea’s report urges organizations to adopt identity-first security strategies and investing in advanced threat detection and continuous monitoring. It highlights the rapid growth in identity-related vulnerabilities, which rose by nearly 40 percent in 202.
Layered Defense Strategy
As attackers leverage AI to automate phishing sites, impersonate executives, and target privileged accounts, the window for detection narrows. Human vigilance, while still important, is no longer enough. Instead, a layered defense strategy is necessary.
Intelligent Access Controls and Risk-Based Authentication
One that integrates intelligent access controls, risk-based authentication, and real-time monitoring. Identity systems must be hardened against exploitation and consumer-facing platforms must evolve to offer embedded protection that meets users where they are.
Conclusion
The cybersecurity landscape is undergoing a fundamental transformation, with the tools of attack changing – fueled by AI, scale, and automation – yet the tools of defense remain fragmented and underutilized. Bridging this gap will require more than awareness and a rethinking of how cybersecurity is delivered, accessed, and experienced.
Embedded Protection as the Key to Success
Embedded protection is the key to success in this new landscape. By integrating security into the systems people already rely on, we can make it easier for individuals to stay ahead of evolving cyber threats without having to navigate complex security solutions on their own.
Seamless Integration and Trust
Seamless integration and trust are essential components of embedded protection. By embedding protection where consumers already are – whether through banks, credit card companies, or other trusted providers – we can build trust and confidence in the security of digital platforms.
Building a Safer Digital World
Ultimately, building a safer digital world requires a collaborative effort. Institutions, whether financial or governmental, must lead by example in deploying AI to defend, not just attack.
Collaborative Approach
A collaborative approach is necessary to address the societal implications of cyber threats. By working together, we can create a more secure and trustworthy digital ecosystem that benefits everyone.
Key Points
- Two new reports reveal a troubling dissonance between perceived security and actual preparedness.
- People are more aware of cyber threats than ever before, but their behavioral response remains insufficient.
- Awareness of AI-generated cyber threats is high, but action is lacking.
- Most consumers still turn to their banks or credit card companies rather than dedicated cybersecurity providers.
- Embedded protection is a key opportunity for both accessibility and trust deficit.
- Seamless security integration is the goal, rather than complex security solutions.
- Identity-first security strategies and advanced threat detection are necessary.
- A layered defense strategy is required to meet the evolving cyber threat landscape.
References
- “Cybersecurity and the AI Threat Landscape” by Delinea Labs
- “Identity & Cybersecurity Concerns Survey” by Iris
| Report | Key Findings |
|---|---|
| Delinea Labs’ Cybersecurity and the AI Threat Landscape report | AI is not just accelerating existing cyber threats but is completely redefining them. AI-generated phishing, deepfake impersonations, and automated ransomware are rapidly becoming the norm. |
| Identity & Cybersecurity Concerns Survey by Iris | Only 30 percent of respondents reported following all recommended cybersecurity practices, despite deep concerns about data breaches, compromised passwords, and fraud. |
“We need to rethink how cybersecurity is delivered, accessed, and experienced. Embedded protection is the key to success in this new landscape.” – Erik Nienaber, Chief Technology and Product Officer, Iris
“Cybersecurity is no longer just a technical challenge – it’s a societal one. We need a collaborative approach to create a more secure and trustworthy digital ecosystem.” – Paige Schaffer, CEO, Iris
“The gap between awareness and action is a critical issue that needs to be addressed. We need to bridge the gap between what people know and what they do.”
Additional Resources
- “Cybersecurity and the AI Threat Landscape” by Delinea Labs
- “Identity & Cybersecurity Concerns Survey” by Iris
- Cybersecurity awareness training
- Identity protection services
Contact Us
- Email: info@iris.com
- Phone: 1-800-IRIS-SEC
- Website: iris.com
About Iris
- Iris is a leading provider of identity and cyber protection solutions.
- Iris offers a comprehensive range of products and services to help individuals and organizations stay secure in the digital age.
Final Thoughts
The cybersecurity landscape is undergoing a fundamental transformation, and it’s essential that we adapt to these changes. By embracing embedded protection, we can create a more secure and trustworthy digital ecosystem that benefits everyone. Let’s work together to build a safer digital world.
