The State of Identity and Data Security 2026

References

Industry Standards & Frameworks

  1. National Institute of Standards and Technology. (2024). The NIST Cybersecurity Framework (CSF) 2.0 (NIST CSWP 29). U.S. Department of Commerce. Available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
  2. National Institute of Standards and Technology. NIST Cybersecurity Framework Resource Center. Available at: https://www.nist.gov/cyberframework
  3. National Institute of Standards and Technology. (2020). Special Publication 800-207: Zero Trust Architecture. Available at: NIST SP 800-207
  4. National Institute of Standards and Technology. (2020). Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations. Available at: NIST SP 800-53 Rev. 5
  5. Center for Internet Security. CIS Critical Security Controls v8.1
  6. MITRE ATT&CK Framework
  7. ISO/IEC 27001 Information Security Management Standards
  8. CISA Cybersecurity Resources

Industry Research

  1. Verizon 2025 Data Breach Investigations Report (DBIR)
  2. Microsoft Digital Defense Report 2025
  3. Microsoft Learn – Microsoft Copilot Security and Compliance Documentation
  4. Microsoft Learn – Microsoft Purview Documentation
  5. Microsoft Learn – Microsoft Entra Documentation
  6. Microsoft Learn – SharePoint Security and Permissions Documentation
  7. Microsoft Learn – Windows Server Active Directory Documentation

Primary Research

  1. Lepide. (2025–2026). Identity & Data Risk Assessments. Internal technical assessments conducted across ten production environments spanning government, education, manufacturing, construction, utilities, commercial services, and nonprofit organizations. Findings presented throughout this report are derived from these technical assessments.

Research note: The benchmark statistics presented throughout this report are derived exclusively from the ten production environments assessed by Lepide between 2025 and 2026. Industry standards, frameworks, and external publications have been referenced to provide additional context and align terminology with recognized cybersecurity best practices.