Identity-Related Breach Hit 71% of Enterprises: Sophos
https://www.cybersecurity-insiders.com/identity-related-breach-sophos-2026/
Publish Date: 2026-05-25 14:19:00
Source Domain: www.cybersecurity-insiders.com
Identity, not the network perimeter, is now the primary way attackers break into enterprises. A Sophos survey of 5,000 IT and cybersecurity leaders across 17 countries finds that 71% of organizations suffered at least one identity-related breach in the past year. Each affected organization was hit by an average of three separate attacks.
- Sophos’s State of Identity Security 2026 puts identity at the center of enterprise intrusions, yet most breach prevention still concentrates on human accounts.
- Weak management of non-human identities, the machine accounts that can outnumber human ones by 100 to 1, was the root cause of 41% of successful identity breaches.
- Two-thirds of ransomware victims, 67%, traced their attack to an identity compromise, and the average breach cost $1.64 million to fix.
- Only 34% of organizations regularly audit or rotate service accounts and non-human identities, the gap the report tells defenders to close first.
Identity-Related Breach Hit 71% Across 17 Countries
Energy, oil, and gas operators were the most exposed, with 80% reporting at least one identity-related breach, against 63% in IT and technology. By geography the spread ran wider still: 89% of Swiss organizations and 83% of Mexican ones were hit. The 5,000 leaders Sophos surveyed across 14 industries averaged three separate identity attacks over the year, at a mean recovery cost of $1.64 million and a median of $750,000. For 73% of victims, fixing a single breach cost $250,000 or more.
That financial weight tracks a change in how intrusions start. Identity compromise has become the connective tissue of the modern attack, and ransomware shows it most clearly. 67% of ransomware victims said their incident began with an identity attack rather than a malware drop or an unpatched edge device.
Why Non-Human Identities Are the Blind Spot
The survey’s most consequential finding sits in the accounts no one logs into. Non-human identities, the service…