Title: New Research Highlights Challenges Faced by IT Leaders in Managing Identity Footprint Amid AI Expansion
Recent findings from Keeper Security have shed light on the significant challenges facing IT leaders in navigating the complexities of identity management in an increasingly AI-driven landscape. The research, encapsulated in the "Identity Security at Machine Speed Report," draws from insights provided by 200 cybersecurity decision-makers and senior IT leaders across Europe, the United States, Asia-Pacific, and the Middle East. This comprehensive study explores the hurdles these professionals encounter as identity ecosystems become more intricate, incorporating both human participants and a burgeoning number of Non-Human Identities (NHIs).
A startling 89% of IT leaders report struggles with managing the expanding identity footprint, reflecting a global trend echoed throughout various regions. This remarkable statistic points to a transformative digital environment where modern security frameworks must adapt to unprecedented levels of complexity. Particularly among UK respondents, over half (52%) identified AI-driven attacks as a significant factor contributing to increased security pressures, the highest rate among European markets. This finding underscores a pressing need for proactive measures as the incorporation of Artificial Intelligence continues to evolve.
The study outlines that identity authority often remains fragmented across disparate systems, creating a scenario where no single cybersecurity control plane exists. Alarmingly, 96% of global respondents pointed out that disconnected or poorly integrated security tools generate exploitable weaknesses that malicious actors can capitalize on. In the UK, 67% of participants indicated that this integration complexity poses a moderate to significant challenge, a figure that surpasses the global average of 63%. Such insights elucidate a critical area for UK security teams, who must navigate the intricacies of a multifaceted identity landscape.
Despite these challenges, UK organisations have demonstrated a notable proficiency in real-time detection capabilities. Approximately 33% of respondents reported identifying credential misuse within minutes, outpacing the global average of 28%. Furthermore, 51% were able to detect such misuse within hours. However, 14% of respondents still took days or even longer to uncover unauthorized privileged access, highlighting a significant lingering risk within the security framework.
As AI usage accelerates, new governance gaps emerge, particularly concerning the management of NHIs. The study reveals that 43% of global respondents view AI-related NHI governance as a critical gap in identity governance, closely aligning with the UK’s response at 40%. With AI agents and machine accounts proliferating within UK enterprises, a lack of cohesive governance over these non-human identities has inadvertently expanded the attack surface, paving the way for potential exploits.
Additionally, the study uncovered a substantial concern regarding employees unintentionally exposing sensitive information to AI systems, with 56% of respondents citing this risk. Notably, 55% of UK participants identified this concern as a primary gap in AI security. UK organisations displayed heightened sensitivity to AI-driven social engineering and impersonation threats, with 40% expressing concern—significantly surpassing the global average of 35%. This demonstrates a growing awareness of AI’s potential as a deceptive tool, necessitating vigilance in protective measures.
A pronounced lack of visibility into the AI tools utilized by employees was highlighted as a critical governance gap, noted by 42% of organisations. This issue intertwines with broader concerns surrounding third-party risk; 34% of UK respondents revealed that incidents involving third-party vendors or suppliers contributed to heightened security pressures—above the global average of 28% and higher than rates recorded in Germany and France. This emphasizes the need for UK enterprises to address the multifaceted identity risks posed by external affiliations.
The study reflects a landscape of heightened threat awareness among UK respondents, juxtaposed with uneven capabilities for defense. Notably, 27% reported experiencing attacks on a weekly basis. In response to these escalating challenges, investment objectives are promising—with 50% of UK IT leaders indicating a focus on AI security tools in the upcoming year and 38% planning to invest in passwordless or passkey authentication solutions, which ranks highest among European nations surveyed.
Darren Guccione, CEO and Co-founder of Keeper Security, articulated the core issue succinctly: “AI agents, service accounts, and machine identities radically outnumber human users in many environments. Most organisations lack the capabilities in their current identity security stack to govern them. Every unmanaged identity is a prime target for attackers. Given the accelerated proliferation of AI and machine identities within enterprise infrastructure, the implementation of pervasive identity governance with real-time detection and least-privilege enforcement is essential.”
In conclusion, the Keeper Security study underscores a critical juncture for IT leaders as they grapple with the expanding identity footprint amid the rapid evolution of AI. The insights gleaned present not only a keen understanding of current challenges but also signal an urgent call to action for organisations striving to bolster their cybersecurity measures in this dynamic landscape.