| Finding |
Key Supporting Evidence |
| Identity lifecycle management remains one of the weakest areas of enterprise security. |
90% of organizations contained inactive accounts. Over 5,900 inactive accounts and 13,800 accounts with non-expiring passwords were identified. |
| Administrative access is broader than organizations realize. |
Every organization had opportunities to strengthen privileged access governance. Up to 83% of privileged accounts inherited administrative rights through nested group membership. |
| Permission sprawl continues to increase organizational risk. |
More than 74,000 permission changes and 15,000 security group modifications were observed. Excessive permissions were identified across every environment. |
| Authentication noise is making genuine threats harder to detect. |
More than 139 million failed logons were analyzed. The majority originated from service accounts, legacy systems, automation, and stale credentials rather than malicious activity. |
| Organizations consistently underestimate how much sensitive data they hold. |
More than 230,000 sensitive files were discovered, including HR, payroll, financial, legal, and regulated personal information distributed across file servers and Microsoft 365. |
| Organizations lack confidence in who can access their most sensitive data. |
Every assessment identified opportunities to improve access governance. Sensitive repositories frequently contained excessive access, inherited permissions, or Full Control assignments. |
| Organizations lack visibility into how sensitive data is being used. |
More than 170,000 file copy events, 35,000 file renames, and over 700,000 after-hours file activities were observed across the environments assessed. |
| AI is exposing existing governance weaknesses, not creating new ones. |
Every Microsoft Copilot readiness assessment recommended reviewing permissions, sensitive data, and access governance before AI deployment. |
| Security teams still struggle to answer basic security questions. |
Every organization relied on manual investigations for at least part of their security operations, with fragmented audit data spread across multiple systems. |
| Modern identity and data security has outgrown manual security operations. |
Organizations generated millions of identity, permission, authentication, and user activity events that could not realistically be governed through manual processes alone. |