Sophos’ State of Identity Security 2026 Survey Finds Identity Breaches Common

Sophos released its State of Identity Security 2026 report, based on a survey of 5,000 IT and cybersecurity leaders. The findings describe identity-related breaches as a frequent outcome in the past year and connect many incidents to identity compromise.

In the survey, 71% of organizations reported at least one identity-related breach in the past year, and organizations reported an average of three separate incidents. Repeat victimization appeared in 5% of respondents, who reported six or more breaches. The report also links identity compromise to ransomware, with 67% of responding ransomware victims describing their incident as stemming from an identity attack.

The report attributes many incidents primarily to human error and weak management of non-human identities (NHIs). Human error, including employees tricked into providing credentials, was cited in nearly 43% of incidents, while weak NHI management, including API keys stored in code, static credentials, and orphaned service accounts, was cited in 41%. It adds that organizations with weak NHI management were 22% more likely to experience financial theft and reported about $150,000 more in recovery costs than average.

For non-human identities, the report says organizations should inventory and classify NHIs, replace long-lived credentials with short-lived alternatives, and implement secrets management platforms to manage NHI credentials at scale. It also recommends deploying Identity Threat Detection and Response (ITDR) capabilities and adopting a Zero Trust security model.

Ross McKerchar, chief information security officer at Sophos, said, “Identity has become the primary attack surface in modern cybersecurity, and this data shows most organizations are losing ground,” and “The non-human identity problem is particularly urgent. AI agents are being granted privileges faster than security teams can track them, and organizations that fail to get ahead of this will find it an increasingly costly gap to close.”

The report was produced from a vendor-agnostic survey conducted in Q1 2026, covering organizations with 100 to 5,000 employees across 14 industries in 17 countries.