Sophos 2026 Report Details Escalating Security Threats: Identity Security Breaches Cost $1.6 Million
- Widespread breaches: Over 70% of surveyed organizations experienced at least one identity-related breach in the past 12 months.
- Ransomware pipeline: Over two-thirds of ransomware victims directly tied their incident to a significant identity attack.
- NHI vulnerabilities: Weak non-human identity management acted as the root cause for more than 40% of successful breaches.
Sophos has published its State of Identity Security 2026 report, which says 71% of organizations experienced at least one identity-related breach over the past year. Furthermore, affected organizations sustained an average of three separate identity attacks during that 12-month period.
The report analyzed data from 5,000 IT and cybersecurity leaders across 17 countries and 14 industries. It states that the average cost to rectify a successful identity breach currently stands at $1.64 million.
The Ransomware Connection
Geographic and sector data reveal distinct target patterns. Switzerland registered the highest national breach rate at 89%, followed by Mexico at 83%.
By sector, the energy, oil/gas, and utilities industry sustained the highest breach rate at 80%, while the IT and technology sector reported the lowest incident rate at 63%.
The Sophos data establishes a concrete link between compromised access and enterprise extortion. Among affected organizations, 67% of ransomware victims stated that their ransomware incident was directly tied to their most significant identity attack, with compromised authentication used to deploy payloads.
“Although not all the attacks resulted in data encryption, this establishes identity compromise as a primary ransomware delivery mechanism,” the report said.
Risks of Non-Human Identities
The expanding attack surface is now heavily made up of non-human identities (NHIs), which include API keys, service accounts, and AI agents. The report notes that these credentials may outnumber human identities by ratios up to 100 to 1.
Weak non-human identity management was identified as the root cause in 41% of successful identity breaches. Despite this critical vulnerability, only 34% of organizations regularly audit or rotate service accounts and NHIs.
Overprivileged accounts are the key factor in identity-based attacks, according to an April cloud security report.
Reports from last year indicated that identity-centric threats relying on infostealers dominate the modern cybercrime landscape, and that identity attacks and USB malware were on the rise in 2025.









