Human error and poor non-human identity management are the root causes of most attacks
Sophos, a global cybersecurity leader, recently released the State of Identity Security 2026, a vendor-agnostic survey of 5,000 IT and cybersecurity leaders across 17 countries. The survey found that 71% of organizations experienced at least one identity-related breach in the past year, with an average of three incidents per organization. Around 5% reported six or more breaches, highlighting significant repeat victimization. The attacks are largely driven by human error and poor management of non-human identities (NHIs), a risk growing rapidly with the rise of agentic AI.
Two-thirds of ransomware victims (67%) said the attack originated from an identity compromise, confirming identity attacks as a major ransomware entry point. Sophos X-Ops researchers have observed this consistently over the past year. The financial impact is severe, with average recovery costs reaching $1.64 million and 73% of affected organizations spending over $250,000.
Key Findings from the State of Identity Security 2026
The State of Identity Security 2026 report highlights growing cybersecurity risks, with 10% of organizations experiencing identity-related breaches, mainly causing data theft, ransomware, and financial theft. Visibility and detection gaps remain critical, as only 24% continuously monitor unusual login attempts, while 14% failed to stop attacks before damage occurred. Critical infrastructure and government sectors reported the highest breach rates, and organizations struggling with compliance faced greater risks. Human error caused 43% of incidents, while weak non-human identity (NHI) management contributed to 41%. The rapid rise of AI-driven NHIs is further intensifying security and credential management challenges.
Recommendations to Reduce Identity-based Risks
To reduce exposure to identity-related attacks, organizations should implement a multi-layered approach covering both human and non-human identities. Essential steps include enforcing Multi-Factor Authentication (MFA) for all user accounts, applying least-privilege access principles, and disabling or removing inactive identities promptly. For non-human identities specifically, organizations should inventory and classify all NHIs, replace long-lived credentials with short-lived alternatives, and implement secrets management platforms to manage NHI credentials at scale. As agentic AI accelerates NHI proliferation, deploying Identity Threat Detection and Response (ITDR) capabilities and adopting a Zero Trust security model are increasingly critical layers of defense.