Identity Breaches Hit 71% of Firms as Attackers Exploit Machine Accounts

A Sophos survey finds identity-based attacks driving ransomware and other intrusions, with weak oversight of non-human accounts emerging as a major vulnerability.

    Identity systems have become a primary entry point for cyberattacks, with 71% of organizations reporting at least one identity-related breach in the past year, according to a new Sophos report.

    Sophos’ State of Identity Security 2026 survey, based on responses from 5,000 IT and cybersecurity leaders across 17 countries and 14 industries, found that affected organizations reported an average of three identity attacks during the year. The survey covered organizations with 100 to 5,000 employees.

    The findings show how attackers are increasingly using compromised credentials rather than only malware or software vulnerabilities to break into systems. Among ransomware victims surveyed, 67% said their ransomware incident stemmed from an identity attack.

    The financial impact was significant. Sophos said the mean recovery cost for a successful identity breach was $1.64 million, with a median of $750,000. Nearly three-quarters of affected organizations spent at least $250,000 on recovery.

    A major weakness identified in the report was poor management of non-human identities, including API keys, service accounts and AI agents. Sophos said these identities can outnumber human identities by as much as 100 to 1, but many remain poorly monitored.

    Weak non-human identity management was cited as a root cause in 41% of successful identity breaches. Only 34% of organizations said they regularly audit or rotate service accounts and non-human identities, while just 11% do so continuously.

    “Identity has become the primary attack surface in modern cybersecurity, and this data shows most organizations are losing ground,” said Ross McKerchar, chief information security officer at Sophos. “The non-human identity problem is particularly urgent.”

    The exposure varied by sector and geography. Energy, oil and gas, and utilities reported the highest breach rate at 80%, while IT and technology organizations reported the lowest rate at 63%. Switzerland recorded the highest breach rate at 89%, followed by Mexico at 83%.

    Detection gaps are also widening. Smaller organizations with fewer than 250 employees were nearly twice as likely to miss identity-based attacks compared to larger enterprises, the report found.

    Sophos attributed part of this trend to the increasing use of AI-driven attack techniques, which allow threat actors to scale credential abuse faster than security teams can respond.

    The report suggests that organizations should prioritize securing non-human identities, starting with better inventory management and regular credential rotation. It also recommends strengthening monitoring capabilities, particularly in smaller organizations where detection rates remain lower.
