A new research report by Keeper Security has revealed global insights from security professionals on the state of cybersecurity. The report, entitled Identity, AI and Zero Trust: Cybersecurity Perspectives from Infosecurity Europe, Black Hat USA and it-sa, found that professionals across the UK, the United States and Germany agreed that Artificial Intelligence (AI) is reshaping cybersecurity on both sides of the battlefield. Only 12% of respondents in the UK and 16% in the United States said their organisations are fully prepared to handle AI-enhanced attacks. In Germany, confidence was higher at 28%, but most respondents acknowledged that preparedness remains a work in progress.
Unlike traditional surveys, this study is built on anonymous, in-person feedback from cybersecurity professionals on the front lines of defence. More than 370 practitioners shared candid insights during three of the industry’s most influential conferences (Infosecurity Europe in London, Black Hat USA in Las Vegas and it-sa in Nuremberg) offering a view into how security teams are adapting to an increasingly complex threat landscape.
In the United Kingdom, these insights arrive amid a sharp escalation in cyber activity. The National Cyber Security Centre (NCSC) recently reported a 50% year-on-year rise in nationally significant cyber incidents, with new attacks emerging almost daily. The surge highlights how UK organisations face constant pressure to strengthen identity protection and access controls.
Zero trust was universally recognised as critical to a modern defence strategy, yet implementation continues to trail intent. At Infosecurity Europe, 18% of respondents reported fully implemented zero-trust frameworks. That figure rose to 27% at Black Hat USA and 44% at it-sa in Germany, reflecting stronger progress but underscoring that adoption remains uneven across regions.
In the UK, momentum around zero trust is being driven by national frameworks such as the NCSC’s Cyber Assessment Framework, the National Cyber Strategy 2022–2030, and the UK’s move to align with NIS2. Each underscores the need for robust identity and access management, yet Keeper’s findings show many organisations still lack the practical tools to put these policies into action.
The data also reinforces identity-based attacks as the leading global concern. Half of UK respondents identified phishing as the top identity-based threat, with 42% naming deepfakes. In the United States, 45% cited phishing as their greatest risk, followed by 41% who pointed to deepfakes. Concern peaked in Germany, where 61% of respondents identified deepfakes as the most significant identity-based threat.
In the UK, phishing remains the dominant attack vector. The Government’s Cyber Security Breaches Survey 2025 found that 85% of businesses experiencing an attack reported phishing among the methods used — a near-universal pattern that mirrors Keeper’s own UK findings.
Across all regions, privileged access controls were found to be inconsistent. In the UK, 43% said Multi-Factor Authentication (MFA) is not consistently enforced for privileged accounts. In the United States, 40% reported the same, while in Germany, half of the respondents said their organisations lack a dedicated PAM solution altogether.
The results reveal that security leaders are aligned on strategy but divided by execution. Awareness of zero trust, PAM and AI-driven security principles is high, yet complexity, resource constraints and competing priorities continue to delay deployment.
Darren Guccione, CEO and Co-founder, Keeper Security, said: “Identity has become the control point of cybersecurity. Our data demonstrates that the disparity between cybersecurity awareness and action is wide, but positive, proactive defence can close this gap. The organisations that lead in zero trust and PAM are not only protecting access but building the foundation for secure, scalable growth in the age of AI.”
The report emphasises that true resilience now depends on disciplined execution, measurable progress and the responsible use of AI to detect anomalies and manage risk across every access point.
