Organizations may be increasingly adopting Identity Threat Detection and Response (ITDR) practices, but a critical gap in disaster recovery readiness is leaving many vulnerable to catastrophic failure.

The annual State of ITDR survey from Quest Software, which gathered insights from 650 IT and security executives worldwide, reveals a startling lack of preparedness around post-attack restoration.

Despite industry recommendations to test disaster recovery plans every six months, more than 75% of organizations fail to do so. More alarming is that 24% of respondents admitted they never practice their recovery plans.

As organizations migrate to hybrid and cloud environments, the attack surface has shifted from the network perimeter to individual identities. This sprawl is compounded by an explosion of non-human identities, such as service accounts and automated bots, which outnumber human users by an estimated ratio of 82-to-1.

Security professionals cited non-human identities as their greatest challenge, with 51% identifying them as the most difficult assets to secure. The complexity arrives at a volatile time; security incidents linked to artificial intelligence (AI) use have surged by 57%, as attackers leverage automated tools for data poisoning and model theft.

There is a notable paradox in how firms perceive their defense versus their recovery. While 79% of respondents expressed confidence that AI tools will improve ITDR effectiveness, Quest executives warn that over-reliance on prevention is a dangerous gamble.

“Identity systems are at the center of most environments,” said Michael Laudon, chief technology officer at Quest Software. “When those systems are compromised, attackers gain immediate access. Most teams are not validating recovery often enough to ensure rapid restoration after an attack.”

There is a silver lining: Adoption is on the rise. Currently, 57% of organizations have formal ITDR practice in place, up from 48% last year. Further, 92% of leaders acknowledge the tangible benefits of these programs.

To bridge the gap between detection and recovery, industry experts point toward the NIST Cybersecurity Framework, which emphasizes a holistic approach across six core pillars: identify, protect, detect, respond, recover, and govern.

As threats become more sophisticated, the report suggests that recovery readiness will be the true differentiator between a minor breach and a business-ending event.