Bitwarden Business Insights Report: Employees Take Nine Days to Update At-Risk Credentials, Leaving IT Leaders Struggling to Enforce Enterprise Security

Report finds 68% of IT managers say employee motivation is the biggest challenge in remediating at-risk credentials

Bitwarden, the trusted leader in password, passkey, and secrets management, today announced the results of the Bitwarden Business Insights Report. The survey of over 100 IT leaders reveals significant gaps in credential security, with nearly half of organizations (48%) reporting ineffective password health monitoring and employees taking an average of nine days to update weak or compromised credentials.

Credential security remains a priority, yet 68% of IT leaders struggle to enforce it

IT admins recognize credential security as a priority, with 67% citing credential access management as being very important. However, organizations still face hurdles in enforcing password management, with 68% of respondents identifying employee motivation as a major implementation challenge.

A lack of visibility and user awareness further complicates password security. 44% of IT admins say employees struggle with knowing how to change their passwords, while 36% cite difficulty tracking employee progress toward more secure practices.

Password risks persist as 60% of IT leaders report ineffective at-risk credential update strategies

Weak passwords remain a top attack vector, yet organizations struggle to proactively monitor and enforce security policies. The report also reveals:

• Proactive measures: 53% of IT managers want to take a proactive approach to credential security, but only 33% reveal that they are currently able to do so.
• Strategic effectiveness: Approximately 60% of IT managers report their strategies for quickly updating at-risk credentials to be only somewhat effective or completely ineffective.
• Limited resources: 66% of organizations that do not alert employees to update at-risk credentials say they lack the tools or resources to do so effectively.

51% of IT leaders say employees don’t take security seriously

90% of IT admins rely on employees to update their own credentials, most often through email notifications (42%) or direct conversations (36%). However, more than half of IT leaders (51%) say employees do not take security measures seriously, leading to delayed remediation and increased risk.

IT leaders identified key strategies for improving password security:

• Prioritization of security actions: 51% of IT leaders believe that clearly prioritizing security actions significantly enhances security posture.
• Intuitive workflows: 46% suggest that simplified workflows for non-technical users would facilitate easier and timelier password updates.
• Regular training: 45% advocate for regular security training to instill robust password habits and awareness among employees.

Strengthening security with password health monitoring

Credential security is foundational to an effective identity and access management (IAM) strategy. To enhance security posture, organizations are encouraged to leverage tools that help IT teams detect weak, reused, or exposed credentials. Implementing strong password policies and streamlining credential updates reduces the enterprise attack surface and improves response times to emerging threats.

Methodology and full report

The Bitwarden Business Insights Report is based on a survey conducted among 108 IT administrators and business leaders from organizations with over $1 million in annual revenue, collected between late 2024 and early 2025.

For a detailed analysis of credential security challenges and strategies, download the full report here: https://bitwarden.com/resources/bitwarden-business-insights-report/.

To learn more about how Bitwarden supports enterprise security and compliance, visit bitwarden.com

About Bitwarden

Bitwarden equips enterprises and individuals with the power to securely manage and share information online with trusted open source security solutions. With a password manager for everyone, users can easily manage their entire online identity anywhere. Bitwarden Secrets Manager and Passwordless.dev enhance developer secrets security and streamline passkey development for end users and workforce authentication. Founded in 2016, Bitwarden serves over 50,000 businesses and more than 10 million users worldwide across 180 countries in 50+ languages. The company is headquartered in Santa Barbara, California. Learn more at bitwarden.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250326883544/en/