Cyber teams are struggling to keep up with a torrent of security alerts
Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help
Organizations are taking 11 person-hours on average to investigate a single identity-related security alert, according to new research.
Analysis from Enterprise Strategy Group found security teams are facing significant challenges managing the volume of alerts, especially since the rise of agentic AI.
Meanwhile, in many organizations the rapid adoption of agentic AI is outpacing organizational oversight and creating new attack vectors.
Identity is already fragmented across cloud services, developer platforms, identity providers, and infrastructure resources such as databases, servers, Kubernetes and workloads.
All told, this fragmented ecosystem of platforms, tools, and solutions is hampering response times and placing enterprises at huge risk, the report noted.
“When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn’t good enough,” warned Ev Kontsevoy, CEO of Teleport, a sponsor of the research.
“As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase.
“We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.”
Credential theft is surging
Things are made all the harder by the ease with which criminals can obtain valid static credentials such as passwords or API keys to impersonate identities.
According to the study, credential theft now accounts for one in five data breaches, with the number of compromised credentials having surged 160% in 2025 so far.
This fragmentation of identities is also reflected in the tools that enterprises use to manage them, with security teams using an average of 11 tools to trace identity-related security issues.
The reason is a complex mixture of cloud adoption, cyber insurance requirements and the need for separate tools for different environments, such as on-premises, cloud or SaaS, as well as customer security requirements, legacy tools, and industry compliance requirements.
“Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems,” said Todd Thiemann, principal analyst at Enterprise Strategy Group.
"Each application expands a company’s security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools."
"This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties," Thiemann added.
Identity security is now a priority
For most organizations, modernizing workforce identity security is a priority, with 91% saying it's a top-five concern.
As a result, budgets are growing year over year, with 87% of organizations reporting plans to increase their spending on workforce identity security, and more than one-third anticipating a significant rise.
According to Kontsevoy, the most efficient strategy lies in combining unified, cryptographic identity with just-in-time access. That’s how teams can more effectively minimize the attack surface.
“The blind spots created by complex IT aren’t just a danger to security. They’re bottlenecking the productivity of engineers and security professionals. They need a way to quickly answer vital questions,” he said.
"Who accessed database X and with what permissions? Is this behavior unusual for the identity in question? What’s the full summary of what an identity did in a single session across platforms? To answer these questions, we need a different approach to cybersecurity, one that isn't based on secrets and siloed identities."
Shoring up defenses
The study from Enterprise Strategy Group comes amid a sharpened industry focus on identity security in recent months.
Businesses across a range of industries are adopting agentic AI solutions, which poses serious challenges with regard to managing machine identities.
A recent study from Okta, for example, found 85% of security leaders now view identity and access management (IAM) as a crucial part of their broader security posture, marking an increase compared to 79% in the year prior.
Similarly, 78% of respondents to the Okta survey said that controlling access and permissions for “non-human identities” now represents their main security concern, overtaking long-running focuses such as lifecycle management and network visibility.
Okta’s advice on this front centered largely on closer inter-departmental collaboration, urging enterprises to foster closer ties between AI project leaders and security practitioners.
In doing so, enterprises can still accelerate agentic AI projects while mitigating potential future risks by accommodating security team concerns during the experimentation process.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
