Sophos Security Survey Signals Surge in Identity-Based Cyberattacks

May 19, 2026 21:29

Cybersecurity firm Sophos has published its 2026 “State of Identity Security” report, highlighting opinions from 5,000 IT and cybersecurity experts across 17 countries. The report, released on Tuesday, May 19, found that 71 percent of organizations experienced at least one identity-related cyberattack over the past year.

The report states that each organization faced an average of three attacks, while nearly 5 percent of organizations reported experiencing six or more incidents.

The survey found that employee mistakes were responsible for 43 percent of the attacks. Additionally, weak non-human identity management emerged as a major factor in 41 percent of incidents. The growing use of AI agents is also making security risks more complex.

In 67 percent of ransomware attacks, attackers gained access by exploiting identity-related information. On average, affected organizations spent $1.64 million to recover their data. Meanwhile, 73 percent of organizations incurred costs exceeding $250,000.

The report further noted that government institutions and organizations with complex structures are at the highest risk. Institutions with weak compliance or inadequate implementation of security policies are also experiencing higher rates of attacks.

To reduce risks, Sophos recommended enabling multi-factor authentication across all accounts, enforcing least-privilege access policies, and quickly removing inactive identities. The company also emphasized separate management for non-human identities, the use of short-term credentials, and adoption of the Zero Trust security model.

DBTech/SI/EK/OR