71% of Organizations Suffered At Least One Identity Breach in the Past Year
Sophos, Tuesday, May 12th, 2026
State of Identity Security 2026 report finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk
Sophos released the State of Identity Security 2026, a vendor-agnostic survey of 5,000 IT and cybersecurity leaders across 17 countries. The survey found that 71% of organizations suffered at least one identity-related breach in the past year, and on average organizations reported three separate incidents.
Repeat victimization reached a notable level, with 5% even reporting six or more breaches. These attacks are driven primarily by human error and weak management of non-human identities (NHIs), a challenge that is growing rapidly as agentic AI accelerates attack processes.