Stolen Identities Remains Top Cybersecurity Threat

The rise of AI-based attacks and stolen identities has led to an increase in fraud, while a single compromised identity poses a significant risk to the entire organization.

ForgeRock®, a global leader in digital identity solutions, has released its 2023 Identity Breach Report, revealing alarming statistics on stolen identities and their impact on businesses. In 2022 alone, 1.5 billion user records were exposed, resulting in an average cost of $9.4 million per breach.

The report highlights the growing threat landscape posed by AI-driven fraud attacks, which utilize tactics like phishing emails, malicious code, and deep fakes (voice or video-based impersonation). These methods are increasingly challenging to detect and are putting both consumers and enterprises at risk.

The ForgeRock 2023 Identity Breach Report emphasizes that attackers persist in targeting credentials, using them as a gateway to infiltrate organizations across industries and regions. The integration of AI technology further complicates threat identification for human users.

A single compromised authorized identity within an enterprise or a service provider can lead to significant breaches or ransomware attacks affecting millions of consumers. To mitigate these risks, organizations must implement comprehensive digital identity and access management solutions that enhance security without compromising user experience across all functions.

Other key findings from the report include:

  • Unauthorised access remains the leading cause of breaches for the fifth consecutive year.
  • 52% of reported breaches originated from third-party partners and suppliers.
  • Healthcare sector experienced a 50% increase in attacks compared to 2021.
  • Social Security Numbers and date of birth information were exposed in 72% of breaches.
  • Attacks within the financial services sector decreased by 29%, but the insurance industry was heavily affected.

To combat the common breach types identified in the 2023 ForgeRock Identity Breach Report, organizations should implement best practices such as adopting a Zero Trust framework for access verification, implementing passwordless authentication to counter password-based attacks, and utilizing AI-driven Identity and Access Management (IAM) tools to manage the high volume and speed of cyberattacks.

Eve Maler, CTO at ForgeRock, stated, “The most secure organizations will be those that combine the use of technologies like AI with a well-designed approach to security operations and usability.”

In addition to data breaches in the United States, the report also highlights attacks in other regions, including the United Kingdom, Germany, Australia, and Singapore.

To access the complete 2023 ForgeRock Identity Breach Report, visit