A recent survey from Permiso reveals that identity-related security incidents now account for up to 75% of all reported cases, highlighting a significant threat to organisations in the US, UK, and Canada.
The 2026 State of Identity Security Report indicates a concerning 47-point drop in confidence regarding visibility into identity management. While 95% of organisations claim they can track non-human identities, only 43% can proactively detect identity threats, and 46% maintain comprehensive visibility into their identity landscapes—down from 93% the previous year.
Jason Martin, co-CEO at Permiso, commented on this decline in confidence, emphasising the necessity for unified visibility to address identity management issues effectively.
Strikingly, 71% of organisations believe that improved visibility could have prevented a significant percentage of their security incidents. Despite awareness of the solutions available, 44% report that security breaches are the primary consequence of limited visibility.
The rise of artificial intelligence compounds these challenges. The report highlights that 95% of organisations acknowledge AI systems can create or modify identities without human oversight, and 91% anticipate an increase in AI-generated identities over the next year.
Currently, 92% have AI agents accessing production data, with 39% reporting that these agents could access 26-50% of sensitive information. This raises critical questions regarding monitoring and control over AI-generated identities.
Operationally, the report notes that organisations typically rely on 3-10 disparate tools for identity visibility, resulting in labour costs ranging from $31,000 to $125,000 annually. Only 23% of organisations can rapidly detect threats and assess impact, leading to significant delays in incident response time.
Yet, the market is responding. Nearly 90% of organisations plan to enhance their identity security investments in 2026, with 38% indicating an increase of over 30%. Improvements in detection speed have also been noted, with 79% of organisations now able to detect threats within 24 hours.
This survey encompasses 512 organisations, providing vital year-over-year trend analysis on cloud infrastructure, identity management practices, and threat detection capabilities, underscoring the critical need for real-time monitoring and unified visibility.
