Unosecur Cloud Compliance Pulse 2025 reveals forty identity‑security failures in the average cloud tenant

94 percent of organisations carry at least one high‑severity gap; privileged accounts without multifactor authentication remain the most common violation.

Berlin, 21 July 2025: Unosecur, the Berlin-based identity security innovator, has published its Cloud Compliance Pulse H1 2025, a rigorously curated benchmark that quantifies the real‑world state of identity security across public‑cloud estates. Drawn from automated scans performed between 1 January and 30 June 2025, the report will be publicly accessible on Monday, 21 July.

Methodology

During the first half of 2025, 169 organisations completed Unosecur’s free Identity‑Security Posture Test. From that population the research team selected a stratified, pseudonymised sample of fifty companies, balanced by industry, geography, and primary cloud provider. The sampling approach delivers ninety‑percent statistical confidence with a margin of error of plus or minus ten percent while preserving a six‑month publication cadence. Every record in the dataset is mapped directly to ISO 27001/27002, PCI DSS v4, SOC 2, CIS v8 and GDPR controls, and all company identifiers have been masked in accordance with GDPR.

Key findings

Across the sample, analysts recorded an average of forty identity‑ and access‑related control failures for each cloud tenant. Ninety‑four percent of participating organisations exhibited at least one high‑severity gap. The single most frequently violated requirement was ISO 27002 - 5.17, which mandates multifactor authentication for privileged accounts; sixty‑eight percent of tenants failed this control. Four recurring gap families: missing multifactor authentication; over‑privileged roles; stale or duplicate credentials; and unmanaged service‑account keys; together accounted for seventy percent of all high‑severity findings.

Why the results matter

Forty unresolved weaknesses can translate into forty separate observations on an ISO, SOC 2, or PCI audit worksheet, increasing evidence‑collection time and delaying certifications. Insurance carriers now incorporate privileged‑MFA coverage and key‑rotation evidence into premium calculations, which means that high gap counts can raise annual cyber‑insurance costs by double‑digit percentages. On the incident‑response front, every major public‑cloud breach investigated by Unosecur this year, including the widely reported McHire “123456” credential exposure, originated inside one or more of the same four gap families highlighted in the Pulse.

Guidance for enterprise leaders

The report recommends that executive teams focus first on four quantitative indicators: the percentage of privileged identities protected by multifactor authentication, the number of permanent high‑privilege role assignments, the age distribution of access keys, and the proportion of service‑account secrets held in a managed vault. By measuring these metrics monthly, enforcing identity‑provider multifactor authentication, rotating keys older than thirty days, and replacing standing administrator roles with just‑in‑time elevation, organisations can eliminate the majority of audit pain and materially reduce the probability of a credential‑driven breach.

Guidance for Editors, Analysts, and CISOs

The Cloud Compliance Pulse dataset is already informing supervisory briefings in several jurisdictions and has been requested by multiple underwriters seeking actuarial input for next‑year premium models. Unosecur’s research team will be available this week to provide embargoed access to the full seventy‑page report, walk through sector‑specific trends, and discuss remediation playbooks that translate immediately to board‑level risk dashboards.
‍

About Unosecur

Founded in 2021 and headquartered in Berlin, Unosecur secures human and non-human identities across on-premise and multi-cloud environments. Its AI-powered Unified Identity Fabric delivers real-time visibility, least-privilege automation, and instant incident response aligned to MITRE ATT&CK. Its AI-driven platform discovers every identity and access across multi-cloud and on-prem environments, continuously analyzes their posture, and powers real-time Identity Threat Detection & Response (ITDR). Backed by VentureFriends, DFF Ventures, Leo Capital, and Heartfelt (APX), Unosecur is scaling its platform and global footprint to meet the evolving identity-security needs of modern enterprises. For more information, please visit www.unosecur.com.

Media Contact: Andreas Winiarski, press@unosecur.com 

‍