cxo voice
  • Business
  • Technology
    • Artificial Intelligence
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • CXO Insights
  • Cyber Security
  • CXO Interviews
No Result
View All Result
  • Business
  • Technology
    • Artificial Intelligence
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • CXO Insights
  • Cyber Security
  • CXO Interviews
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home Cyber Security

Sophos says identity breaches are now a routine enterprise risk as AI expands the attack surface

Deepa Sharma by Deepa Sharma
May 13, 2026
identity breaches

Sophos says identity breaches are now a routine enterprise risk as AI expands the attack surface

Sophos’s State of Identity Security 2026 report shows a blunt picture: identity has moved from a supporting security concern to a primary attack surface. In a vendor-agnostic survey of 5,000 IT and cybersecurity leaders across 17 countries, Sophos found that 71% of organizations suffered at least one identity-related breach in the past year. The identity breaches affected organisations averaged 3 incidents, with 5% reporting 6 or more.

“Identity has become the primary attack surface in modern cybersecurity, and this data shows most organizations are losing ground,” said Ross McKerchar, chief information security officer at Sophos. “The non-human identity problem is particularly urgent. AI agents are being granted privileges faster than security teams can track them, and organizations that fail to get ahead of this will find it an increasingly costly gap to close.”

Sophos says these Identity breaches are being driven mainly by human error and weak management of non-human identities, including API keys, service accounts, and other machine identities.

[Related Reads: Gartner Warns 25% of Enterprise GenAI Apps to Face Frequent Security Incidents by 2028 ]

The company argues that the problem is getting worse as agentic AI speeds up the creation of new credentials and access paths faster than security teams can track them.

Sophos says 67% of ransomware victims in the survey reported that their ransomware incident stemmed from an identity attack. It puts the mean recovery cost at $1.64 million and the median at $750,000, with 73% of affected organizations spending $250,000 or more to recover.

Why is identity security becoming harder?

As organizations adopt cloud services and AI systems, they add more human and non-human identities, each of which can become a doorway for attackers. The report identities can outnumber human identities by as much as 100:1, yet only 34% of organizations regularly audit or rotate service accounts and non-human identities.

The report also points to weak visibility; Sophos found that only 24% of organizations continuously monitor for unusual login attempts, and more than half do so only every three months or less. It also says 14% of breached organizations could not stop their most significant identity attack before damage was done.

[Also Read: AI-Driven Hacking Risks Rise as Anthropic’s Mythos Raises Banking Concerns ]

What it means

For enterprises, identity security cannot be treated as a login problem. It is now a core control layer for cloud access, ransomware defense, and AI governance. Sophos explicitly recommends stronger MFA, least-privilege access, faster removal of inactive identities, better secrets management, identity threat detection and response, and Zero Trust controls.

Sophos report shows agentic AI can create new credentials and sub-agents with broad, persistent access, often without sufficient human oversight. That is a different risk profile from the older password-and-phishing model, because it expands the number of identities to secure and the speed at which they appear.

[Also Read: AI-Powered Cyberattacks Pose Threat to Financial Markets, IMF Warns ]

Deepa Sharma

Deepa Sharma

Deepa Sharma is CXOVoice’s Managing Editor, overseeing coverage of technology, cybersecurity, banking, and financial services. She can be reached at [email protected].

Related Posts

cloudflare Precursor
Cyber Security

Cloudflare Introduces Precursor, One-Click Bot Defense That Monitors User Behavior Instead of CAPTCHA Challenges

July 14, 2026
Tech Mahindra and CloudSEK
Cyber Security

Tech Mahindra, CloudSEK Partner to Deliver Predictive, Regulation-Ready Cybersecurity

July 14, 2026
Tata data breach
Cyber Security

Tata Data Breach  Leaks Unreleased Apple Product Details

June 30, 2026
IBM Red Hat and Palo Alto
Cyber Security

IBM, Red Hat, Palo Alto Networks Expand Project Lightwell for AI-Driven Vulnerability Protection

June 25, 2026
Wipro MDR
Cyber Security

Wipro Expands Palo Alto Networks Alliance to Launch AI-Powered Cyber Defense Services

June 24, 2026
public Wi-Fi
Cyber Security

The Hidden Dangers of Public Wi-Fi: Why Convenience Should Never Replace Caution

June 23, 2026
Wi-Fi Security
Cyber Security

Connected Everywhere, Vulnerable Anywhere: The Security Side of Wi-Fi

June 23, 2026
N-able Bengaluru
Cyber Security

N-able Opens New Global Capability Centre in Bengaluru

June 17, 2026
Load More

More Articles

GeForce NOW Officially Launches in India With Subscription Plans Starting at ₹999

GeForce NOW Officially Launches in India With Subscription Plans Starting at ₹999

by Deepa Sharma
July 15, 2026

cloudflare Precursor

Cloudflare Introduces Precursor, One-Click Bot Defense That Monitors User Behavior Instead of CAPTCHA Challenges

by Deepa Sharma
July 14, 2026

Intel Ireland

Intel to Invest €5 Billion in Ireland to Boost AI Chip Production and R&D

by Deepa Sharma
July 14, 2026

Tech Mahindra and CloudSEK

Tech Mahindra, CloudSEK Partner to Deliver Predictive, Regulation-Ready Cybersecurity

by Deepa Sharma
July 14, 2026

Get Weekly CXO Intelligence.

Loading

CXO Insights

public Wi-Fi
Cyber Security

The Hidden Dangers of Public Wi-Fi: Why Convenience Should Never Replace Caution

by Atul Luthra
June 23, 2026
Wi-Fi Security
Cyber Security

Connected Everywhere, Vulnerable Anywhere: The Security Side of Wi-Fi

by Govind Rammurthy
June 23, 2026
Shadow AI
Artificial Intelligence

Shadow AI: The Invisible Threat Growing Inside Modern Enterprises

by Manpreet Singh
June 5, 2026
traceability in Manufacturing
Opinion

From Barcode to Intelligence: How Traceability Is Redefining Manufacturing in India

by S R Srinivasan
May 29, 2026

CXO Interviews

AI Skills
Artificial Intelligence

How AI is transforming skills, education, and workforce development in the future of work

>
1Point1
Business

How 1Point1 Solutions Is Betting Its Future on AI to Redefine BPM

>
NewgenONE
Business

Reimagining Enterprise Transformation: Varun Goswami on the Future of NewgenONE and AI-Driven Automation

>
Jagat Shah, Chairman & CEO of MITSUMI Group
Business

Leadership in Emerging Markets: Exclusive Interview with Jagat Shah, Chairman & CEO of MITSUMI Distribution

>

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. We publish informed analysis, news reporting, expert commentary, and expert insights across enterprise technology, digital transformation, cybersecurity, data, AI, sustainability, and governance.

Connect with us

Easy Links

  • Cryptocurrency
  • Company Announcements
  • Event
  • Blockchain
  • Resources & Downloads
Loading
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Editorial Policy
  • Feedback

Copyright © 2026 CXOVoice - All Rights Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Business
  • Opinion
  • Interview
  • Technology
  • Cyber Security
  • Artificial Intelligence
  • How To
  • Data Center

Copyright © 2026 CXOVoice - All Rights Reserved