Cyber teams are struggling to keep up with a torrent of security alerts
Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help


Organizations are taking 11 person-hours on average to investigate a single identity-related security alert, according to new research.
Analysis from Enterprise Strategy Group found security teams are facing significant challenges managing the volume of alerts, especially since the rise of agentic AI.
Meanwhile, in many organizations, the rapid adoption of agentic AI is outpacing organizational oversight and creating new attack vectors.
Identity is already fragmented across cloud services, developer platforms, identity providers, and infrastructure resources such as databases, servers, Kubernetes and workloads.
All told, this fragmented ecosystem of platforms, tools, and solutions is hampering response times and placing enterprises at huge risk, the report noted.
“When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn’t good enough,” warned Ev Kontsevoy, CEO of Teleport, a sponsor of the research.
“As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase.
"We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.”
Credential theft is surging
Things are made all the harder by the ease with which criminals can obtain valid static credentials such as passwords or API keys to impersonate identities.
According to the study, credential theft now accounts for one-in-five data breaches, with the number of compromised credentials having surged 160% in 2025 so far.
This fragmentation of identities is also reflected in the tools that enterprises use to manage them, with security teams using an average of 11 tools to trace identity-related security issues.
The reason is a complex mixture of cloud adoption, cyber insurance requirements and the need for separate tools for different environments, such as on-premises, cloud or SaaS, as well as customer security requirements, legacy tools, and industry compliance requirements.
“Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems,” said Todd Thiemann, principal analyst at Enterprise Strategy Group.
"Each application expands a company’s security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools."
"This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties," Thiemann added.
Identity security is now a priority
For most organizations, modernizing workforce identity security is a priority, with 91% saying it's a top-five concern.
As a result, budgets are growing year over year, with 87% of organizations reporting plans to increase their spending on workforce identity security, and more than one-third anticipating a significant rise.
According to Kontsevoy, the most efficient strategy lies in combining unified, cryptographic identity with just-in-time access. That’s how teams can more effectively minimize the attack surface.
“The blind spots created by complex IT aren’t just a danger to security. They’re bottlenecking the productivity of engineers and security professionals. They need a way to quickly answer vital questions,” he said.
"Who accessed database X and with what permissions? Is this behavior unusual for the identity in question? What’s the full summary of what an identity did in a single session across platforms? To answer these questions, we need a different approach to cybersecurity, one that isn't based on secrets and siloed identities."
Shoring up defenses
The study from Enterprise Strategy Group comes amid a sharpened industry focus on identity security in recent months.
Businesses across a range of industries are adopting agentic AI solutions, and this poses serious challenges with regard to managing machine identities.
A recent study from Okta, for example, found 85% of security leaders now view identity and access management (IAM) as a crucial part of their broader security posture, marking an increase compared to 79% in the year prior.
Similarly, 78% of respondents to the Okta survey said that controlling access and permissions for “non-human identities” now represents their main security concern, overtaking long-running focuses such as lifecycle management and network visibility.
Okta’s advice on this front centered largely on closer inter-departmental collaboration, urging enterprises to foster closer ties between AI project leaders and security practitioners.
In doing so, enterprises can still accelerate agentic AI projects, but mitigate future potential risks by accommodating security team concerns during the experimentation process.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.