Bitwarden report shows IT managers struggle with employee motivation in credential management

IT managers highlight employee motivation as the primary challenge in remediating at-risk credentials, according to the Bitwarden Business Insights Report. The report, based on a survey of over 100 IT leaders, reveals that 68% of respondents identify this issue as a significant barrier to effective credential management. Nearly half of organizations report ineffective monitoring of password health, with employees taking an average of nine days to update weak or compromised credentials. Despite 67% of IT administrators recognizing credential access management as important, barriers remain, including a lack of user awareness and visibility into password practices. 44% of IT leaders report employees struggle to understand how to change passwords, while 36% have difficulties tracking progress towards enhanced security. The survey also indicates that 60% of IT leaders consider their strategies for updating at-risk credentials to be only somewhat effective or completely ineffective. Proactive measures to enhance security are desired by 53% of IT managers, though only 33% report having the capability to implement such measures. Limited resources hinder organizations; 66% of those without systems to alert employees about at-risk credentials cite a lack of tools. Furthermore, 90% of IT admins rely on employees to self-manage their credentials, primarily through email notifications or conversations. However, over half of the IT leaders express concern that employees do not take security seriously, leading to delays in addressing vulnerabilities. IT leaders recommend strategies such as prioritizing security actions, creating intuitive workflows, and conducting regular security training to improve password management. The report underscores the importance of credential security in Identity Access Management (IAM) strategies, advocating for tools that help detect weak or reused credentials. By enhancing password policies and streamlining updates, organizations can better protect their networks from potential threats. The data derives from a survey of 108 IT administrators and business leaders from organizations with over $1 million in annual revenue, conducted between late 2024 and early 2025.