Sophos identifies critical weaknesses in identity security

Sophos' latest report highlights the escalating identity security challenges, with high breach rates and costly recoveries.

  • Friday, 15th May 2026, by Sophie Milburn

Sophos’ recent release, the State of Identity Security 2026, draws on a survey of 5,000 IT and cybersecurity leaders across 17 countries and examines trends in identity management and security incidents. The report found that 71% of organisations experienced identity-related breaches over the past year, with an average of three incidents per organisation. Additionally, 5% reported six or more breaches.

The research identified human error and challenges in managing non-human identities (NHIs) as significant contributing factors. The report also noted that organisations are facing increasing pressure from more sophisticated AI-driven attacks.

According to the findings, ransomware incidents affected 67% of organisations that experienced breaches, with identity attacks frequently cited as an entry point. Reported recovery costs averaged $1.64 million, with a median cost of $750,000.

Additional survey findings included:

  • Only 24% of organisations reported continuously monitoring for unusual login attempts.
  • 14% stated they were unable to stop their most significant attack before damage occurred.
  • Critical infrastructure sectors, including energy, oil/gas, and utilities, reported the highest exposure rates, with an 80% breach rate.
  • Organisations reporting significant compliance challenges experienced breach rates of 82.4%.
  • Human error was identified in 43% of attacks, while weak NHI management was associated with 41%. Organisations affected by these issues reported recovery costs approximately $150,000 higher on average in cases involving financial theft.

To address identity-related risks, Sophos recommends a layered security approach that includes both human and non-human identities. Recommended measures include implementing Multi-Factor Authentication (MFA), applying least-privilege access principles, and removing inactive identities in a timely manner.

For NHIs specifically, the report recommends maintaining asset inventories, using short-lived credentials, and adopting secrets management platforms to improve credential oversight. It also highlights the growing role of Identity Threat Detection and Response (ITDR) capabilities and Zero Trust security models as organisations manage increasing numbers of NHIs, including those associated with AI systems.

The report is based on data from a vendor-neutral survey conducted in 2026 with participants from IT and cybersecurity sectors across 17 countries.
