The State of Identity and Data Security 2026

Research at a Glance

| Metric | Value |
|---|---|
| Organizations assessed | 10 |
| Industries | 7 |
| Countries | 3 |
| Technologies assessed | 7 |
| Total inactive accounts identified | 5,910 |
| Total failed logons analyzed | 139M+ |

The 10 Key Findings

| Finding | Key Supporting Evidence |
|---|---|
| Identity lifecycle management remains one of the weakest areas of enterprise security. | 90% of organizations contained inactive accounts. Over 5,900 inactive accounts and 13,800 accounts with non-expiring passwords were identified. |
| Administrative access is broader than organizations realize. | Every organization had opportunities to strengthen privileged access governance. Up to 83% of privileged accounts inherited administrative rights through nested group membership. |
| Permission sprawl continues to increase organizational risk. | More than 74,000 permission changes and 15,000 security group modifications were observed. Excessive permissions were identified across every environment. |
| Authentication noise is making genuine threats harder to detect. | More than 139 million failed logons were analyzed. The majority originated from service accounts, legacy systems, automation, and stale credentials rather than malicious activity. |
| Organizations consistently underestimate how much sensitive data they hold. | More than 230,000 sensitive files were discovered, including HR, payroll, financial, legal, and regulated personal information distributed across file servers and Microsoft 365. |
| Organizations lack confidence in who can access their most sensitive data. | Every assessment identified opportunities to improve access governance. Sensitive repositories frequently contained excessive access, inherited permissions, or Full Control assignments. |
| Organizations lack visibility into how sensitive data is being used. | More than 170,000 file copy events, 35,000 file renames, and over 700,000 after-hours file activities were observed across the environments assessed. |
| AI is exposing existing governance weaknesses, not creating new ones. | Every Microsoft Copilot readiness assessment recommended reviewing permissions, sensitive data, and access governance before AI deployment. |
| Security teams still struggle to answer basic security questions. | Every organization relied on manual investigations for at least part of their security operations, with fragmented audit data spread across multiple systems. |
| Modern identity and data security has outgrown manual security operations. | Organizations generated millions of identity, permission, authentication, and user activity events that could not realistically be governed through manual processes alone. |

Biggest Numbers

  • 139 Million: Failed authentication events observed
  • 74,000+: Permission changes analyzed
  • 5,910: Inactive accounts identified
  • 230,000+: Sensitive files discovered
  • 1.3 Million: Microsoft 365 and infrastructure changes
  • 13,800+: Accounts with Password Never Expires

Research Takeaways

  • Identity: Dormant identities remain common regardless of organization size.
  • Permissions: Excessive permissions consistently expose sensitive business data.
  • AI: AI is amplifying governance weaknesses rather than creating new security risks.
  • Operations: Manual security processes are no longer sustainable in hybrid environments.