Sophos has released its State of Identity Security 2026 report, revealing that 71% of organizations worldwide experienced at least one identity-related cyber breach over the past year, highlighting the growing cybersecurity risks tied to AI-driven attacks and weak identity management.
Based on a vendor-agnostic survey of 5,000 IT and cybersecurity leaders across 17 countries, the report found that organizations experienced an average of three identity-related incidents annually, with 5% suffering six or more breaches.
The study identified identity compromise as a major gateway for ransomware attacks, with 67% of ransomware victims confirming that their incidents originated from identity-based attacks. Sophos reported that recovery costs averaged $1.64 million, while the median recovery expense reached $750,000.
According to Ross McKerchar, identity has become the primary attack surface in modern cybersecurity environments. He warned that the rapid growth of AI agents and non-human identities (NHIs) is creating new security challenges as organizations struggle to track and manage machine-generated credentials and automated access permissions.
The report highlighted that human error remains a leading factor in breaches, with 43% of incidents involving employees being tricked into sharing credentials. Weak management of non-human identities, including exposed API keys and orphaned service accounts, contributed to 41% of attacks.
Sophos also found significant visibility and monitoring gaps among organizations. Only 24% continuously monitor unusual login attempts, while just 11% continuously audit or rotate non-human identity credentials.
Critical infrastructure sectors recorded the highest breach rates, including energy, oil and gas, utilities, and government organizations. Companies facing major compliance challenges were also more likely to suffer identity-related breaches.
To reduce cybersecurity risks, Sophos recommended adopting multi-factor authentication (MFA), least-privilege access controls, Identity Threat Detection and Response (ITDR), Zero Trust security models, and stronger management of non-human identities and AI-generated credentials.
The report underscores growing concerns about how agentic AI and automated systems are accelerating cyberattack capabilities while increasing pressure on organizations to modernize identity security strategies.
