More than seven in ten organizations suffered an identity-related security breach in the past 12 months, according to Sophos’s new State of Identity Security 2026 report.
Conducted independently by Vanson Bourne, the survey of 5,000 IT and security leaders across 17 countries pegs the global breach rate at 70.9%, with affected organizations reporting an average of three identity-related incidents apiece. Switzerland topped the country list at 88.7%; Germany sat at the bottom at 62.6%, though no surveyed market fell under 60%.

One number stands out for its operational implications. Two-thirds (66.5%) of ransomware victims confirmed their ransomware event was the same incident as their most significant identity attack.
Sophos also identified identity compromise as a primary delivery mechanism for ransomware. The mean recovery cost reached USD 1.64 million, with a median of USD 750,000.
Data theft (48.8%) and ransomware (48.4%) were the most common consequences. Human error topped the list of root causes at 42.7%, followed by weak Non-Human Identity (NHI) management at 40.6%.
Non-Human Identities Amplify the Damage
For context, NHIs are the API keys, service accounts, OAuth tokens, and AI-agent credentials that proliferate behind the scenes.
The category proved especially costly: organizations breached through weak NHI management were 28% more likely to experience direct financial theft and 24.1% more likely to face extortion, with the recovery bill running roughly USD 147,000 above average.

Hygiene also remains an issue. Just 10.5% of organizations continually rotate or audit service accounts and NHIs, and only 24.1% continually monitor for unusual login attempts. More than half review identity governance policies no more frequently than every three months.
“Identity security is not a one-time project but a continuous operational discipline,” Sophos said in the report.
Agentic AI, which Sophos credits with driving NHI-to-human ratios above 100-to-1 in some environments, is widening that gap rather than closing it.