‘Most organizations are losing ground’: Identity security risks are skyrocketing, and enterprises can’t keep up
Most organizations are being hit at least once a year, and experts warn incidents are accelerating
Enterprises have experienced a sharp increase in the number of identity-related breaches over the last year, according to two new studies.
According to new research from Sophos, 71% of organizations suffered at least one identity-related breach across 2025, with organizations reporting an average of three separate incidents and 5% reporting six or more.
The main consequences of an identity-related breach are data theft (49%), ransomware (48%), and financial theft (47%), the study found. Indeed, two-thirds of ransomware attacks were carried out this way, with serious financial consequences.
Sophos noted that the mean recovery costs associated with ransomware attacks reached $1.64 million, with a median of $750,000. Nearly three-quarters (73%) of those affected faced costs of $250,000 or more.
“Identity has become the primary attack surface in modern cybersecurity, and this data shows most organizations are losing ground,” said Ross McKerchar, chief information security officer at Sophos.
“The non-human identity problem is particularly urgent. AI agents are being granted privileges faster than security teams can track them, and organizations that fail to get ahead of this will find it an increasingly costly gap to close.”
Enterprises have a visibility problem
Visibility is a critical weakness, according to Sophos, with only a quarter of organizations continually monitoring for unusual login attempts, and more than half checking every three months or less.
Detection, meanwhile, is equally poor. Around 14% of breached organizations were unable to detect and stop their most significant identity attack before damage was done.
A key factor for many identity breach victims lay in compliance, according to the Sophos study. Among those that found compliance requirements challenging, 82.4% had suffered a breach – a full 14 percentage points higher than those with less difficulty with compliance.
UK firms grappling with identity security
In the UK specifically, enterprises are contending with similar challenges. According to Palo Alto Networks' Identity Security Landscape Report 2026, machine identities now outnumber humans 100 to one, creating serious identity security risks.
82% of organizations expect to see the number of machine identities rise over the next 12 months, the study noted, and 90% expect to see a sharp increase in AI identities.
More than one-third (34%) of AI agents and 37% of machine identities have access to their organization’s data, which may include sensitive information such as financial records or high-value systems.
Palo Alto Networks noted that only 51% of UK organizations are using behavioral monitoring for their autonomous AI agents.
Identity security has become a key focus – and pain point – for many enterprises since the advent of agentic AI. With agents given deep access to sensitive data sources, risks are amplified and the potential for data leakage is now a leading concern for IT and security leaders alike.
Fragmented tools create blind spots
Fragmented identity security systems and tools are also causing problems with regard to visibility, according to eight-in-ten UK firms. Respondents to Palo Alto Networks’ survey said disparate tools are impacting or delaying their ability to detect and respond to identity-related threats.
As a result, 83% of UK organizations have experienced an identity-related breach, while 74% have fallen victim to at least three in the last 12 months.
“The explosion of machine identities represents a fundamental shift in the enterprise attack surface. With AI-driven identities projected to continue accelerating in the next year, organizations are facing a reality where identity complexity is rapidly outpacing traditional security controls,” said Rich Turner, Palo Alto Networks' senior vice president EMEA.
“The fact that 83% of organisations have suffered an identity-related breach in the UK - and 91% in EMEA more broadly - proves that as AI agents gain more access to sensitive data, security leaders must move beyond manual processes. To close the gap, organizations must embrace end-to-end automation and unified governance. Otherwise, the risks of expanding AI and machine identities will only continue to intensify.”
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
