
Why the Industry Must Rethink Security Now
Over the past year, something fundamental has changed in cybersecurity.
Identity is no longer one layer in a defense-in-depth model; it has become the enterprise’s primary risk surface.
The 2026 State of Identity & Access (SOIA) Report reveals a pattern that cuts across industries, sizes, and architectures: today’s most disruptive breaches begin not with malware or zero-day vulnerabilities, but with identity weaknesses hiding in plain sight. Dormant accounts. Orphaned logins. Machine identities without owners. Permissions no one knows exist. MFA gaps in unexpected places.
This year’s findings show that identity risk isn’t a technical detail; it’s a systemic business exposure.
And the data behind that conclusion is… sobering.
The Identity Problem Has Outgrown Traditional IAM
Organizations have invested in IAM, PAM, SSO, and MFA for years. Yet identity risk continues to accelerate, and the reason is structural.
Across the enterprise, identity creation now far outpaces identity governance. Human hiring, contractor onboarding, new SaaS adoption, automation pipelines, and AI agents all create new identities and permissions continuously. Governance processes, including reviews, de-provisioning, and remediations, simply can’t keep up.
The result:
Permission sprawl and identity debt have reached levels no traditional IAM program can reasonably sustain.
The SOIA Report reveals troubling trends that cut across nearly every company evaluated, from global manufacturers to healthcare giants to financial institutions. What’s especially troubling is how consistent the patterns are regardless of industry vertical.
The implication:
Identity risk is no longer an IT operations problem – it’s a systemic phenomenon.
Machine Identities Are Becoming the Industry’s Largest Attack Surface
One of the most important shifts highlighted in this year’s report is the explosive growth of non-human identities (NHIs): service accounts, API keys, secrets, workloads, bots, and increasingly, AI agents.
What surprised us was not just the scale of NHI growth, but how concentrated its power has become.
A very small percentage of machine identities holds the majority of access to critical cloud infrastructure and sensitive systems.
Yet in many organizations, these are the least governed identities they have.
They don’t require badge access.
They don’t get offboarded.
They don’t trigger HR workflows.
And attackers know it.
The SOIA Report details how machine identities are now the fastest-growing contributor to identity risks, and why they have quietly become the preferred target for modern adversaries.
Entitlement Sprawl Is Now a Blind Spot for Most Companies
Another trend that emerges clearly from the report: the sheer volume and complexity of enterprise entitlements has reached an inflection point.
Most organizations today can’t answer with precision the most fundamental question in identity security:
“Who can do what, where, and when?”
Not because of poor tooling, but because permissions have become too abundant, too granular, and too persistent for legacy IAM processes to manage.
The SOIA Report exposes just how wide this gap has grown and how entitlement sprawl creates predictable pathways for attackers to escalate privileges, move laterally, and access sensitive data and systems.
If identity is the modern enterprise’s control plane, entitlement sprawl is the turbulence that keeps leaders flying blind.
Human Offboarding, MFA Gaps, and Orphaned Accounts Remain Unresolved Risks
Perhaps the most recognizably human pattern the report uncovers is also one of the most dangerous: what happens when people leave the organization.
Despite mature HR processes, the SOIA analysis reveals that access frequently lingers – sometimes across critical systems. In addition, authentication configurations remain inconsistent across apps, legacy systems, and business units.
Attackers don’t need sophistication to exploit these cracks.
They simply look for:
- An account no one remembered to disable
- A system where MFA is only “partially deployed”
- A service account with more permissions than anyone realized
The SOIA Report reveals the scale of this gap and why attackers increasingly rely on it.
Why Executives Should Care: Identity Risk Is Now a Business Health Indicator
The identity landscape has outgrown the controls designed to govern it, which has real implications for:
Regulatory exposure
New audits and cyber standards increasingly require real-time evidence of continuous access hygiene – not annual certifications.
Operational resilience
Recent high-profile incidents show how a single compromised account can halt billing, operations, or physical infrastructure.
AI governance
The rise of autonomous agents multiplies identity risks, often without visibility or control.
Cyber insurance and financial impact
Insurers are raising premiums and declining coverage when identity control maturity is low.
Identity is now a quantifiable form of operational debt – one that compounds if not actively reduced.
The Industry Is Entering the Authorization Era
The 2026 SOIA Report makes one thing clear:
Identity security is no longer just about authenticating users or managing roles. It’s about achieving ongoing, provable visibility into effective permissions across every identity — human or machine. Effective permissions are the entitlements that result in active create, read, write, or delete capability on a resource, which is the lens we use in the report to measure real access risk.
Organizations that succeed will treat identity as:
- A board-level priority
- A continuous control, not a periodic audit
- A business-wide initiative, not a security program
- A strategic enabler, not a technical challenge
The report outlines the maturity model, the emerging patterns, and the organizational shifts required.
Want to Understand the New Identity Risk Landscape? Download the Full 2026 SOIA Report
This blog offers only a high-level glimpse. The full State of Identity & Access Report includes:
- The most significant identity patterns across millions of identities
- Cross-industry identity risk patterns across large enterprises in financial services, healthcare, technology, retail, and the public sector
- The emerging identity attack vectors shaping threat actor behavior
- The machine identity trends most leaders haven’t seen coming
- The maturity benchmarks every CISO should measure against
- How identity weaknesses like dormant accounts, weak or missing MFA, and compromised credentials showed up in recent incidents such as Jaguar Land Rover, Change Healthcare, and Colonial Pipeline
If identity is your enterprise’s control plane – and it is – you need to understand what’s happening across the landscape.
Download the 2026 State of Identity & Access Report to see the full data, analysis, and recommendations.





