Persistent security gaps in hybrid identity systems

New report uncovers identity security risks, low initial assessment scores, and urgent need for remediation across Active Directory, Entra ID, and Okta - but substantial score improvements for users applying Purple Knight’s expert mitigation guidance.

  • Saturday, 12th July 2025, by Phil Alsop

Semperis has published results from the 2025 Purple Knight Report indicating that organisations continue to struggle to identify and address security vulnerabilities in hybrid identity systems such as Active Directory, Entra ID, and Okta. Notably, the average score of 61 out of 100 is 11 points lower than the average of 72 in the 2023 report. Users who applied Purple Knight's remediation guidance, developed by Semperis identity security experts, reported an average improvement of 21 points, with gains as high as 61 points.

Average Purple Knight scores were highest among the largest organisations (10,000+ employees), at 73 out of 100, and among the smallest companies (0-500 employees), at 68.

“The largest organisations have more resources, and the smallest organisations often have less-complicated environments to secure,” said Sean Deuby, Semperis Principal Technologist, Americas.

Organisations with between 2,001 and 5,000 employees averaged a score of 52, the worst overall, highlighting the dilemma faced by midsized organisations with complex systems and limited resources for addressing AD security problems. “The midsized companies are where the IT pros have to do everything. You don’t have full-time AD specialists,” said Deuby.

Among the six categories of vulnerabilities included in Purple Knight, the scores were lowest in the AD Infrastructure category, followed by Account Security, Kerberos, Group Policy, Entra ID, and Okta.

“Hybrid identity environments are complex, and threat actors know it. Overall, organisations can’t protect what they can’t see. The lower average scores in the 2025 Purple Knight Report indicate how crucial it is for companies to proactively assess vulnerabilities across their hybrid identity systems so they can close security gaps before attackers exploit them,” said Deuby. “Purple Knight gives organisations of all sizes the ability to identify vulnerabilities and remediate them before risks become damaging losses because of a compromise.”

Among industries, government had the lowest average score at 46 out of 100, followed by retail at 51 and transportation and education at 57. Healthcare averaged 66, still poor but the highest of all verticals.
