Cyber teams are struggling to keep up with a torrent of security alerts
Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help


Organizations are taking 11 person-hours on average to investigate a single identity-related security alert, according to new research.
Analysis from Enterprise Strategy Group found security teams are facing significant challenges managing the volume of alerts, especially since the rise of agentic AI.
In many organizations, meanwhile, the rapid adoption of agentic AI is outpacing organizational oversight and creating new attack vectors.
Identity is already fragmented across cloud services, developer platforms, identity providers, and infrastructure resources such as databases, servers, Kubernetes and workloads.
All told, this fragmented ecosystem of platforms, tools, and solutions is hampering response times and placing enterprises at huge risk, the report noted.
“When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn’t good enough,” warned Ev Kontsevoy, CEO of Teleport, a sponsor of the research.
“As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase.
"We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.”
Credential theft is surging
Things are made all the harder by the ease with which criminals can obtain valid static credentials such as passwords or API keys to impersonate identities.
According to the study, credential theft now accounts for one in five data breaches, with the number of compromised credentials having surged 160% in 2025 so far.
This fragmentation of identities is also reflected in the tools that enterprises use to manage them, with security teams using an average of 11 tools to trace identity-related security issues.
The reason is a complex mixture of cloud adoption, cyber insurance requirements and the need for separate tools for different environments, such as on-premises, cloud or SaaS, as well as customer security requirements, legacy tools, and industry compliance requirements.
“Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems," said Todd Thiemann, principal analyst at Enterprise Strategy Group.
"Each application expands a company’s security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools."
"This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties," Thiemann added.
Identity security is now a priority
For most organizations, modernizing workforce identity security is a priority, with 91% saying it's a top-five concern.
As a result, budgets are growing year over year, with 87% of organizations reporting plans to increase their spending on workforce identity security, and more than one-third anticipating a significant rise.
According to Kontsevoy, the most efficient strategy lies in combining unified, cryptographic identity with just-in-time access. That’s how teams can more effectively minimize the attack surface.
“The blind spots created by complex IT aren’t just a danger to security. They’re bottlenecking the productivity of engineers and security professionals. They need a way to quickly answer vital questions," he said.
"Who accessed database X and with what permissions? Is this behavior unusual for the identity in question? What’s the full summary of what an identity did in a single session across platforms? To answer these questions, we need a different approach to cybersecurity, one that isn't based on secrets and siloed identities."
Shoring up defenses
The study from Enterprise Strategy Group comes amid a sharpened industry focus on identity security in recent months.
Businesses across a range of industries are adopting agentic AI solutions, which poses serious challenges with regard to managing machine identities.
A recent study from Okta, for example, found 85% of security leaders now view identity and access management (IAM) as a crucial part of their broader security posture, marking an increase compared to 79% in the year prior.
Similarly, 78% of respondents to the Okta survey said that controlling access and permissions for “non-human identities” now represents their main security concern, overtaking long-running focuses such as lifecycle management and network visibility.
Okta’s advice on this front centered largely on inter-departmental collaboration, urging enterprises to foster closer ties between AI project leaders and security practitioners.
In doing so, enterprises can still accelerate agentic AI projects, but mitigate future potential risks by accommodating security team concerns during the experimentation process.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.