DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

80% of Energy, Oil/Gas & Utilities Firms Hit by Identity Breaches — Sophos 2026 Research Reveals Critical Infrastructure Identity Crisis

DigitalCIO Bureau by DigitalCIO Bureau
May 21, 2026
in Tech News
0
80% of Energy, Oil/Gas & Utilities Firms Hit by Identity Breaches — Sophos 2026 Research Reveals Critical Infrastructure Identity Crisis
75
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

State of Identity Security 2026 report finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk

Sophos released the State of Identity Security 2026, a vendor-agnostic survey of 5,000 IT and cybersecurity leaders across 17 countries. The survey found that 76.8% of organizations surveyed in India suffered at least one identity-related breach in the past year, and on average organizations worldwide reported three separate incidents. Repeat victimization reached a notable level globally, with 5% reporting six or more breaches. These attacks are driven primarily by human error and weak management of non-human identities (NHIs), a challenge that is accelerating rapidly as agentic AI accelerates attack processes.

In India 79% of ransomware victims responding to this survey confirmed their ransomware incident stemmed from an identity attack, establishing identity compromise as a primary delivery mechanism for ransomware. Sophos X-Ops researchers have observed this consistently over the past year. Worldwide, the financial consequences are steep: the mean recovery cost reached US$1.64 million, with a median of US$750,000, and 73% of those affected faced costs of US$250,000 or more.

“Identity-based attacks are becoming increasingly sophisticated in India as organizations rapidly expand their digital ecosystems and adopt AI-driven technologies. The finding that nearly 77% of organizations in India experienced an identity-related breach highlights how critical it is for businesses to strengthen both human and non-human identity security practices,” said Sunil Sharma, Managing Director and Vice President – Sales, India and SAARC, Sophos. “As AI agents, cloud services, APIs and automated workflows continue to scale, organizations need far greater visibility and control over identities, access privileges and authentication activity. A proactive, layered identity security strategy combined with continuous monitoring and Zero Trust principles will be essential for Indian businesses to stay resilient against evolving cyber threats.”

Additional Global Key Findings from the State of Identity Security 2026: 

  • Data and Financial Theft Dominate Breach Fallout: 10% of organizations reported an identity breach that impacted their business in the last year with the primary consequences being data theft (49%) and ransomware (48%), and financial theft (47%)
  • Visibility Remains a Critical Weakness: Only 13% of organizations continually monitor for unusual login attempts, and more than half of organizations globally check every three months or less.
  • Detection Gaps Persist: 14% of breached organizations could not detect and stop their most significant identity attack before damage was done. Smaller organizations (100–250 employees) were nearly twice as likely to fail at detection as mid-sized peers.
  • Critical Infrastructure Most Exposed: Energy, oil/gas, and utilities (80%) and federal/central government (78%) reported the highest breach rates across all industries surveyed.
  • Compliance Struggles Signal Broader Risk: Organizations that found compliance requirements very challenging had a breach rate of 82.4%, a full 14 percentage points higher than those with lower compliance difficulty (68.3%).

Globally, human error (employees tricked into providing credentials) was cited in nearly 43% of incidents. Weak NHI management, including API keys stored in code, static credentials, and orphaned service accounts, was cited in 41%. Organizations with weak NHI management are 22% more likely globally to experience financial theft and pay approximately $150,000 more to recover than average.

The NHI management problem is intensifying globally. AI agents can autonomously spin up sub-agents, each generating new credentials with broad, persistent access and inconsistent human oversight. Existing identity frameworks were not built for this, and organizations are already behind: globally, only 1 in 3 organizations regularly rotate or audits service accounts and non-human identities, and just 11% do so continuously.

Recommendations to Reduce Identity-based Risks

To reduce exposure to identity-related attacks, organizations should implement a multi-layered approach covering both human and non-human identities. Essential steps include enforcing Multi-Factor Authentication (MFA) for all user accounts, applying least-privilege access principles, and disabling or removing inactive identities promptly.

For non-human identities specifically, organizations should inventory and classify all NHIs, replace long-lived credentials with short-lived alternatives, and implement secrets management platforms to manage NHI credentials at scale. As agentic AI accelerates NHI proliferation, deploying Identity Threat Detection and Response (ITDR) capabilities and adopting a Zero Trust security model are increasingly critical layers of defense.

The State of Identity Security 2026 report comes from a vendor-agnostic survey conducted in Q1 2026 of 5,000 IT and cybersecurity leaders across 17 countries, including the U.S., U.K., Germany, France, Australia, Japan, India, and Brazil, in organizations with 100 to 5,000 employees across 14 industries.

Tags: CyberattacksCybersecurityCybersecurity BreachesCybersecurity ThreatsSophos
Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

TCS positioned as Leader in NelsonHall’s 2025 NEAT for GenAI and Process Automation in Banking

by DigitalCIO Bureau
July 6, 2026
0
TCS positioned as Leader in NelsonHall’s 2025 NEAT for GenAI and Process Automation in Banking

Tata Consultancy Services (TCS) has been recognized as a Leader in NelsonHall’s 2025 NEAT evaluation for GenAI and process automation in banking. The report, which reviews 16 top...

Read moreDetails

Adroit Associates and Tech Mahindra Partner to Drive Supply Chain Transformation Across the Global Retail and CPG Industry

by DigitalCIO Bureau
July 6, 2026
0
Adroit Associates and Tech Mahindra Partner to Drive Supply Chain Transformation Across the Global Retail and CPG Industry

Adroit Associates has announced a partnership with Tech Mahindra to jointly enable large-scale supply chain transformation across the global retail & consumer packaged goods (CPG) industry. This collaboration brings together...

Read moreDetails

Microsoft names Rodrigo Kede Lima as President of Microsoft Frontier Company

by DigitalCIO Bureau
July 3, 2026
0
Microsoft names Rodrigo Kede Lima as President of Microsoft Frontier Company

Microsoft has appointed Rodrigo Kede Lima as president of Microsoft Frontier Company, the company’s newly launched AI-focused business unit. The announcement was made in an official Microsoft blog...

Read moreDetails

Sandesh Bilagi Appointed as Chief Executive Officer at Ramco Systems

by DigitalCIO Bureau
July 3, 2026
0
Sandesh Bilagi Appointed as Chief Executive Officer at Ramco Systems

Ramco Systems has appointed Sandesh Bilagi as its new Chief Executive Officer, marking a significant leadership transition for the enterprise software company as it aims to accelerate growth...

Read moreDetails

Government of Gujarat, IAIRO and IBM Announce Plans for an Industrial Artificial Intelligence Centre of Excellence in Gujarat

by DigitalCIO Bureau
July 2, 2026
0
Government of Gujarat, IAIRO and IBM Announce Plans for an Industrial Artificial Intelligence Centre of Excellence in Gujarat

Proposed initiative aims to advance Industrial AI innovation, skilling, and AI ecosystem development Industrial AI CoE is envisioned as a platform for enabling ecosystem development and adoption of...

Read moreDetails
Next Post
L&T Technology Services Unveils Europe’s First EI Center; Ushers in New Era of Engineering Intelligence for Products, Platforms & Manufacturing

L&T Technology Services Unveils Europe’s First EI Center; Ushers in New Era of Engineering Intelligence for Products, Platforms & Manufacturing

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Arctic Wolf Completes Acquisition of Cylance Assets

Arctic Wolf Completes Acquisition of Cylance Assets

February 5, 2025
Check Point Acquires SASE Security Firm Perimeter 81

Altimetrik Announces Acquisition of SLK Software

June 28, 2025
GlobalLogic Appoints Technology Services Veteran Srinivas Shankar as Chief Business Officer & Head of Global Industries

GlobalLogic Appoints Technology Services Veteran Srinivas Shankar as Chief Business Officer & Head of Global Industries

October 17, 2023

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Accenture Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare CrowdStrike Cybersecurity Digital Transformation E-books Enterprises Fortinet Gartner Generative AI Google Cloud HCLTech IBM India Infographics Infosys Internet of Things (IoT) Kaspersky Microsoft NTT DATA NVIDIA Palo Alto Networks Panel Discussion Partnership ServiceNow Sophos Strategic Partnership Tata Consultancy Services TCS Tenable Trend Micro Veeam Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?