Identity and vulnerability management were analyzed in a recent report by CyberArk. According to the report, 93% of organizations had two or more identity-related breaches in the past year. The report found that machine identities are the top cause of identity growth and considered by respondents to be the riskiest identity type.

According to the report, 50% of organizations expect identities to grow three times in the next 12 months. Sixty-one percent of organizations define a privileged user as human-only. The report found that 38% of organizations define all human and machine identities with sensitive access as privileged users.

According to the report, 84% of organizations will use three or more Cloud Service Providers (CSPs) in the next 12 months. The report also found that nearly all (99%) of organizations are using AI in cybersecurity defense initiatives.

Ninety-three percent of respondents expect AI-powered tools to create cyber risk for their organization in the coming year. More than 70% are confident that their employees can identify deepfakes of their organizational leadership. Nine out of 10 organizations have been a victim of a successful identity-related breach due to a phishing or vishing attack.

Nearly three-quarters (68%) of respondents indicate that up to 50% of all machine identities have access to sensitive data, according to the report, compared to 64% who report that about half of human identities have access to sensitive data. With an increasing number of machine identities gaining access to sensitive data, 49% of respondents identify them as the riskiest identity type. 

Read the report.

Cyber risks, ransomware and cyberattacks were analyzed in a recent report by Viking Cloud. According to the surveyed companies, cyberattacks have increased in frequency (49%) and severity (43%) over the past 12 months.

The report found that 96% of companies are confident in their ability to detect and respond to cyberattacks in real time. However, the same companies were unprepared for cyber risks, including ransomware attacks against a critical third party (48%), phishing attacks (40%), DNS attacks (33%) and ransomware attacks against their business (32%).

According to the report, 53% reveal emerging AI attack methods are creating new attack points for which they are unprepared. The most worrying AI threats include Generative AI (GenAI) model prompt hacking (46%), Large Language Model (LLM) data poisoning (38%), Ransomware as a Service (37%), GenAI processing chip attacks (26%), Application Programming Interface (API) breaches (24%) and GenAI phishing (23%).

Fifty-five percent of companies believe modern cybercriminals are more advanced than their internal team, and 35% reported the technology cybercriminals use is more sophisticated than the tech to which their team has access.

The report found that 10% of companies have increased cyber hiring in the past 12 months, and nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyberattacks. Thirty-five percent of companies don't have enough budget to invest in new tech and 32% don’t have enough budget to hire more staff.

According to the report, 33% of companies were late to respond to cyberattacks because they were dealing with a false positive, and 63% spend more than 208 hours per year managing false positives. Overall, 68% of cyber teams surveyed could not currently meet The Securities and Exchange Commission’s four-day disclosure requirement and cyber industry benchmark based on the average amount of time they estimate it would take to respond to a new, serious attack.

Read the report.