52% of employees have downloaded apps without IT approval

73% of employees are encouraged to use AI, but 33% don’t always follow AI policies

74% of security and IT professionals say SSO is not a complete solution for securing identities, with 30% of apps not protected by SSO

TORONTO--(BUSINESS WIRE)--

1Password, a leader in identity security, today released its 2025 Annual Report: The Access-Trust Gap. The findings reveal a growing Access-Trust Gap, the divide between the types of access that security and IT teams can control and the reality of how workers access sensitive data in practice, driven by the rapid adoption of SaaS and AI tools that exceed the reach of traditional identity tools.

“People will always avoid friction, creating their own solutions when support isn’t clear. Today that shows up in the complexity of SaaS and AI implementations,” said Dave Lewis, Global Advisory CISO at 1Password. “The issue isn’t the SaaS and AI tools enterprises use in their corporate environments; it’s our assumptions. Organizations are asking yesterday’s identity tools to govern a cloud-native, AI-accelerated workplace. That disconnect has caused the Access-Trust Gap. If organizations want resilience and speed, the industry must treat access as continuous, context-aware, and largely invisible, protecting every app, every tool, and every identity while letting employees get on with the work.”

AI Productivity Outpaces Security Readiness

The report finds that while knowledge workers are using AI tools to boost productivity, few organizations are equipped to manage it safely. Weak policy enforcement and poor oversight have fueled a rise in shadow AI, exposing organizations to compliance and security risks.

Risky AI usage is widespread: 22% of employees have shared company data with AI to write a report or presentation, 24% have shared customer call notes, and 19% have shared employee data, such as performance reviews.

Shadow AI increases risk: 43% use AI apps to do work on personal devices, while 25% use unapproved AI apps at work.

AI governance is lagging: 73% of employees are encouraged to use AI, but 33% do not consistently follow policies.

“I know we’ve got data going into these LLMs that we don’t have control over–the best we can do is sign enterprise agreements that offer some legal protections,” said Nick Tripp, CISO of Duke University. “But if someone uses a tool we don’t have an agreement for, there’s no protection for us.”

SSO Wasn’t Built for the Modern Workforce

Traditional tools like single sign-on (SSO) can no longer keep up with today’s fast-changing SaaS and AI environment. Employees are adopting new tools faster than IT can govern them, leading to unmonitored access, unmanaged apps, and offboarding security risks.

Shadow IT is pervasive: 52% of employees have downloaded apps without IT approval; 42% bypass IT to boost productivity.

Unapproved apps weaken defenses: 49% of security and IT professionals say employee use of unapproved software has compromised their ability to maintain adequate protections.

SSO is not enough: 74% of security and IT professionals say SSO is not a complete solution for securing employee identities; 30% of apps are left outside SSO, and 34% of employees have accessed a prior employer’s account, data, or apps.

Passwords remain the weakest link: 66% of employees admit to poor password practices, and compromised credentials are the root cause of 53% of material breaches in the past three years.

“SaaS sprawl has led to a dramatic rise in shadow IT: apps and tools used without the approval or knowledge of security teams. Protecting organizations means securing all the apps used by employees, not just the managed apps.” - Omdia’s report How Extended Access Management (XAM) Closes the Gaps in Security.

Global Findings: The Access-Trust Gap Widens

1Password’s global report finds the Access-Trust Gap extends far beyond North America. The data points to a universal challenge – legacy identity systems can’t scale to meet the demands of decentralized, SaaS- and AI-driven work.

Singapore leads in shadow IT: 55% of employees admit to downloading apps without IT approval, compared to Germany (46%), the U.S. (44%), the UK (43%), and France (33%).

Shadow AI is on the rise: 30% of Singapore employees report using unapproved AI tools, followed by the UK (28%), Germany (27%), France (27%), and the U.S. (25%).

Germany has a password problem: 44% of employees admit to poor practices, the highest globally.

Report Methodology

The 1Password 2025 Annual Report: The Access-Trust Gap is based on an online survey that included 5,200 desk-based knowledge workers across the U.S., Canada, the UK, Germany, France, and Singapore. The North American data cited in this press release reflects responses from 1,500 workers, including IT and security professionals.

For full findings of 1Password Annual Report 2025: The Access-Trust Gap, read here.

About 1Password:

Trusted by over 175,000 businesses and millions of consumers, 1Password pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. Our mission is to unleash productivity without compromising security. The 1Password Extended Access Management platform secures every sign-in, to every app, from every device, including the managed and unmanaged ones that legacy IAM, IGA, and MDM tools can’t reach. Leading companies such as Aldo Group, Asana, Associated Press, Browserbase, Canva, Cresta, Golden State Warriors, Hugging Face, IBM, MediaComm Communications, MongoDB, Octopus Energy, PGA Tour, Salesforce, SandboxAQ, Slack, Stripe, Under Armour, and Wish rely on 1Password to close the Access-Trust Gap: the security risks posed by unfederated identities, unmanaged apps, devices, and AI agents accessing sensitive company data without proper governance controls. Learn more at 1Password.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251030728736/en/

Source: 1Password