Lepide Publishes State of Identity and Data Security 2026 Research Report

Austin, TX – July 3, 2026 – Lepide has released its State of Identity and Data Security 2026 report, providing insight into the most common identity and data security risks identified during real-world enterprise security assessments.

The research reveals that identity-related security challenges remain widespread across organisations, with excessive permissions, inactive accounts and unusual user activity continuing to increase organisational risk.

  • 79% of organisations assessed had users with excessive permissions, increasing the potential impact of compromised accounts.
  • Up to 83% of privileged accounts inherited administrative rights through nested group membership.
  • 90% of organizations had enabled inactive accounts in Active Directory.
  • 80% of organizations identified authentication noise as a major challenge.
  • 100% of organizations surveyed were not ready for AI tools like Copilot due to significant weaknesses in governance.

“The findings reinforce what we’re seeing every day when working with customers,” said Aidan Simister, CEO of Lepide. “Many organisations have invested heavily in identity and data security technologies, yet still lack the visibility needed to understand who has access to sensitive data, whether that access is appropriate and how user behaviour impacts overall risk. We hope this research provides security teams with useful benchmarks and practical guidance for strengthening their own environments.”

The report explores the state of identity and data security across hybrid IT environments and provides practical recommendations covering identity hygiene, permissions management, sensitive data exposure, user behaviour monitoring and ransomware preparedness.

The full State of Identity and Data Security 2026 report is available at:

https://www.lepide.com/research/state-of-identity-data-security-2026/

About Lepide

Lepide helps organisations reduce identity and data security risk by providing visibility into user activity, permissions and sensitive data across on-premises and cloud environments. The Lepide Data Security Platform enables organisations to strengthen identity governance, detect threats, reduce excessive access and protect critical business data.