Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A new report reveals that the expansion of purely digital identities is driving an expansion of attack surfaces, opening whole new areas of risk.
As businesses around the world embrace the creation of machine identities to streamline workflows via agentic AI, a new report has shown that while Australian businesses are no different, they are being lax when it comes to staying on top of cyber security risk and compliance.
CyberArk’s new 2025 Identity Security Landscape has revealed that the number of unsecured machine identities is “skyrocketing”, with a massive expansion of a business’s attack surface as one of the outcomes.
However, here in Australia, three-quarters of businesses admit to putting business efficiency first over maintaining a robust cyber security posture.
To give a sense of the scale, CyberArk’s research – based on polling of 2,600 cyber security leaders around the world – shows that for every one living and breathing Australian, there are 79 machine identities. Yet, in 92 per cent of Australian organisations, only humans are considered privileged users. More concerning is that 32 per cent of machine identities have sensitive or privileged access.
However, not everyone is aware of the risk this entails. Only 36 per cent of respondents consider unmanaged machine identities as the greatest risk to their environment. And yet, just over a third of organisations have already experienced an identity-related breach in the last 12 months, showing that hackers are well aware that this is a vulnerable vector of attack.
“As GenAI and LLMs become a key driver of cyber security investment in Australian organisations, there is an urgent need to rethink how identity security is approached. While most security strategies remain focused on human identities, the rapid growth of machine identities – especially those linked to GenAI and cloud environments – is creating a new and often ungoverned layer of risk,” Thomas Fikentscher, area vice president for ANZ at CyberArk, said in a statement.
“At the same time, compliance pressures are intensifying, and fragmented identity systems are making it harder for organisations to maintain visibility and control over who – or what – has access to critical assets. To truly unlock the benefits of GenAI while maintaining resilience and compliance, organisations must evolve their definition of privileged access and move toward integrated identity security strategies that protect both human and machine identities across the business.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
