Cyberattacks

Research: Identity Now Top Entry Point for Cyberattacks

by PR Newswire

With identity-based vectors the most common entry point for cyberattacks, security leaders turn to agentic AI to both secure and manage identities at scale

Lumos, the industry’s first Autonomous Identity Platform, today announced the release of its AI, Automation, and Risk in 2026: Identity at a Breaking Point report. The findings indicate a pivotal moment in enterprise security, characterized by the rise of identity-based security threats and the critical role of agentic AI in mitigating and addressing these challenges. Responses reveal 96% of organizations have experienced identity-related security incidents.

Adversaries no longer need complex technical exploits to gain access, identity is now the main entry point for cyberattacks. 43.6% of organizations reported the use of stolen credentials, and 48.1% experienced a Multi-Factor Authentication (MFA) fatigue attack. That’s why despite over 90% of security leaders saying they feel prepared to defend themselves, only 3.8% of companies actually made it through the last year without a significant identity-related incident.

The research highlights three core areas of concern shaping the 2026 identity risk landscape:

  • The Accumulation of Excessive Privilege: Over 54% of security leaders cite the unchecked growth of permissions as their top hurdle, leading to “permission creep” where accounts hold far more access than required by the user.
  • The Invisibility of Non-Human Identities (NHIs): Machine identities now outnumber human users by ratios as high as 20:1, yet governance for these automated actors remains the area where organizations feel least prepared.
  • Real-Time Detection Gaps: Nearly 48% of teams struggle to detect identity misuse in real time, leaving them blind to attacks as they happen.

Among the report highlights:

  • Machine Identity Risk is on the Rise: As NHIs proliferate, they now outnumber human identities by as much as 20:1. While 78.2% of security leaders believe they are able to secure and govern these identities, NHIs have become a material risk for 33.1% of organizations.
  • Visibility and detection are critical gaps: 42.1% of organizations identified Mean Time to Detection as a top priority for improvement over the next year, but as the number of identities and the privileges they hold continue to rise dramatically, leaders know they can’t keep up on their own. 50.4% of leaders believe that threat detection and risk triage will benefit most from AI automation.
  • Organizations Need to be Wary of Wide Attack Surface: Perhaps most alarming is the exploitation of what IT teams cannot see or have forgotten. Dormant access exploitation (51.1%) and Service Account abuse (39.1%) create a large, unmonitored attack surface that is always open for bad actors.
  • Internal Vulnerabilities Cause Security Failures: Security is also failing from within. Insider Access misuse (46.6%) and Lateral Movement (37.5%) show that once a perimeter is breached—or if the threat is already inside—businesses lack the detailed visibility needed to prevent further damage.

“Organizations stand at a crossroads when it comes to managing and securing identity. As identity-based attacks are on the rise, it’s becoming more and more clear existing paradigms both lack the intelligence and require too much manual, operational work to keep pace,” said Andrej Safundzic, CEO of Lumos. “This research shows that adopting an agentic approach that brings intelligence, automation, and scale must be on every security leader’s agenda in 2026. We’ve seen firsthand from our customers the incredible impact embracing this innovation can deliver.”

Agentic AI Promises to Radically Improve Identity Management and Security
AI is one of the most important and top-of-mind emerging technologies for identity leaders, with 88.7% rating it as important or very important to their detection and response efforts over the next 2 years. This aligns with current adoption trends, with 85% of organizations leveraging AI in some capacity in their identity governance processes. However, the majority (68.4%) of organizations are only using AI in narrow use cases, and have not adopted AI-native tools, processes, or workflows.

Although the benefits of automation like speed, scope, and risk reduction are theoretically obvious, many leaders lack the confidence to initiate full-scale deployment.

  • 47.1% distrust in automated results: There is a fundamental skepticism regarding whether an automated system will make the right decision without human intervention.
  • 41.2% insufficient auditability: Security teams are wary of black-box processes; without clear trails showing why an access decision was made, they cannot meet strict compliance and internal governance standards.
  • 45.9% data quality and schema: Technical debt and messy data within outdated systems make the implementation of modern automation feel like an insurmountable engineering challenge.
  • 52.6% skill gaps and lack of expertise: The existing gaps that have plagued the cybersecurity industry for years, but also the gap in expertise around new technologies and standards.

Next Steps for Identity Leaders
Organizations are pivoting toward several key pillars for improving their identity and access management programs:

  • Automating User Access Reviews: Moving away from “rubber-stamp” spreadsheets toward intelligent, automated review cycles.
  • Least-Privilege & Zero Trust: Implementing automated policies that ensure users and machines have only the access they need, exactly when they need it.
  • Governance & Analytics: Enhancing compliance reporting and improving identity analytics to spot anomalies that a human eye would miss.
  • Optimizing Velocity and Detection: Shrink critical windows of exposure, specifically improving MTTP (Mean Time to Provision) across apps and MTTD (Mean Time to Detect) identity misuse.

Methodology
The AI, Automation, and Risk in 2026: Identity at a Breaking Point report surveyed 133 technology and security leaders from large organizations across major industries. Respondents hold titles of CISO, CIO, CTO, VP/Director of IT, and Security/Identity Manager at North American companies with 500 to over 10,000 employees across a wide range of industries.

Access the full report here.

PR Newswire

PR Newswire empowers communicators to identify and engage with key influencers, craft and distribute meaningful stories, and measure the financial impact of their efforts. Cision is a leading global provider of earned media software and services to public relations and marketing communications professionals.

PR Newswire empowers communicators to identify and engage with key influencers, craft and distribute meaningful stories, and measure the financial impact of their efforts. Cision is a leading global provider of earned media software and services to public relations and marketing communications professionals.

Related posts

CEO optimism hits 10-year high in 2022

PR Newswire

61% of Data Breaches in 2023 Were Malware Related: SpyCloud

Business Wire

SafeBreach Announces Robert Freeman as New SVP of Worldwide Sales

Business Wire