More than 75% of organizations are not practicing identity disaster recovery within the recommended six-month timeframe. This leaves a critical gap in cyber resilience and creates an opportunity for channel partners to help operationalize recovery.
That’s according to Quest Software’s latest survey, which queried 650 global IT and security leaders and practitioners about how they approach identity threat detection and response. The findings show that while more organizations view identity security as essential, many fail to validate post-attack recovery plans. Fewer than a quarter of respondents said they test identity disaster recovery every six months, the recommended cadence cited by Quest. Another 24% said they never test their plans at all.
The stats should sound the alarm for partners and their customers. According to Quest, identity systems now sit at the center of most environments, connecting users, applications, data, automation and cloud services. When systems are compromised, attackers can gain immediate access and, in many cases, influence how quickly an organization can respond and recover.
“What we are seeing is not a lack of awareness, but a gap between intention and execution,” Michael Laudon, chief product and technology officer at Quest Software, told Channel Dive. “For most organizations, identity recovery remains more theoretical than practical.”
In other words, he explained, many organizations have prevention and detection tools in place but have not validated whether they can restore identity systems end-to-end under real attack conditions.
Challenges mount as identity environments become more complex.
Quest pointed to the rapid expansion of non-human identities as one factor making identity security harder to manage. Industry estimates now place the ratio of machine identities to human identities at roughly 82 to 1. In the Quest survey, more than half of respondents said non-human identities were the most difficult category to secure. Other problem areas included third-party and partner accounts, service accounts and legacy systems.
The survey found growing optimism around the role of AI in identity security. Nearly four-fifths of respondents said they believe AI tools can improve the effectiveness of ITDR programs.
At the same time, organizations are investing more in ITDR programs. Nearly 60% of respondents said their organizations have a program in place, up from 48% last year. Similarly, more than 9 in 10 reported benefits from ITDR, compared with 84% in 2025.
More than three-quarters of respondents cited proactive threat management as a major driver behind ITDR adoption.
Despite evidence of progress, the research indicates that many organizations remain overly focused on preventive controls at the expense of response and recovery readiness. One contributing factor, Laudon said, is that organizations often rely on general-purpose backup and data protection tools designed to restore individual systems rather than to coordinate recovery across a distributed identity environment. Organizations using so-called “purpose-built” identity recovery tools tend to recover up to 90% faster, “saving millions of dollars in downtime and recovery‑related costs,” Laudon said.
Even though the survey did not quantify the use of third-party partners, Quest said organizations frequently rely on experienced service providers to aid in identity recovery operatios and strategy.
“In many cases, partners play a critical role in moving identity recovery from a documented plan to a proven, repeatable capability,” Laudon said.
Managed service providers are embedding identity recovery directly into the security services they deliver to customers, he said, adding that, across engagements, “partners help organizations reduce risk during recovery testing, bring hands‑on experience with complex identity environments, and accelerate maturity by establishing repeatable recovery processes.”
In fact, Laudon said, the channel is essential to successful ITDR initiatives.
“As identity attacks continue to increase and hybrid Active Directory and Entra ID environments become more complex, partner‑led identity recovery services are becoming an important part of how organizations build confidence in their ability to recover when prevention and detection are not enough.”
Channel Dive’s James Anderson contributed to this article.
