Identity breaches are on the rise, and are only getting worse - so how can your business stay safe?

News
By published

A unified, automated identity security approach is needed, CyberArk says

person at a computer.
(Image credit: Photo by Towfiqu barbhuiya on Unsplash)
  • Four in five UK enterprises suffered identity‑related breaches in 2025
  • Machine identities now outnumber humans 100:1, with many AI agents accessing sensitive financial systems
  • CyberArk urges unified, automated identity security as identity complexity outpaces traditional controls

Almost all enterprises experienced at least one identity-related breach in 2025, new research has claimed, in incidents where criminals logged into existing, legitimate accounts, instead of using a bug or a vulnerability to gain access.

The Identity Security Landscape Report 2026 from Palo Alto Networks’ CyberArk notes the problem is only going to get worse since the number of identities in the enterprise is also spiking, and through it - the attack landscape grows.

In fact, almost three quarters (74%) of enterprises in the UK experienced at least three successful identity-related breaches in the last 12 months.

Latest Videos From

The rise of the machines

There are multiple factors contributing to this significant rise in risk. The first one is the sheer number of accounts enterprises are handling. Today, UK organizations expect a steep rise in the number of accounts across human identities, machine identities, and AI identities.

AI & LLMs, IoT devices and bots, as well as humans using more cloud applications, are all contributing to the mushrooming of digital identities.

At the same time, more and more organizations are allowing AI agents and machine identities access to sensitive data.

Today, 34% of AI agents and 37% of machine identities can access financial records and high-value systems while at the same time, only a minority use behavioral monitoring and credential revocation for their autonomous AI agents, conversational AI agents, and GenAI agents.

CyberArk says that today, machine identities outnumber humans 100 to 1 in the UK alone. At the same time, organizations are not rethinking how identity risk is managed, resulting in increasing pressure to extend visibility, control, and governance.

Businesses must now transition from fragmented, manual oversight, to a unified, automated identity security approach, the researchers conclude. Having 100 machine identities to every human one requires a platform-driven strategy, they argue.

“The explosion of machine identities represents a fundamental shift in the enterprise attack surface,” says Rich Turner, Senior Vice President EMEA - Identity Security at Palo Alto Networks. “With AI-driven identities projected to continue accelerating in the next year, organizations are facing a reality where identity complexity is rapidly outpacing traditional security controls.”

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.