With the rise of autonomous AI and other cyber risks, respondents of one survey may have been underestimating growing machine-identity risks
Based on January 2025 commissioned survey of 1,201 security and IT decision-makers in organizations with 500 or more employees across the areas of the USA, the UK, Australia, France, Germany and Singapore* on the topic of machine identity security, an information security firm has published some findings from the data.
First, the frequency of certificate-related outages was significantly high in Singapore (deemed to represent the Asia Pacific region), with 78% of respondents reporting at least one such outage in the past year, and 74% experiencing outages monthly, 77% weekly.
Second, 78% of respondents who were security leaders had cited encountering breaches or incidents tied to compromised machine identities, resulting in delays (51%), unauthorized access to sensitive data (51%), and customer experience-impacting outages (37%).
Other findings
Third, 85% of security leaders in the survey cited anticipating a 150% increase in machine identities within the next year. Also:
- 82% of respondents (security leaders) cited acknowledging the vital role of machine identity security in protecting AI.
- 94% of respondents indicated having some form of machine identity security program, with 46% citing the absence of a cohesive strategy.
- 42% of respondents (security leaders) cited “short machine identity lifecycles “ and 38% cited the risk of stolen machine identities as key concerns.
According to Kurt Sand, General Manager (Machine Identity Security), CyberArk, the firm that commissioned the survey: “Cybercriminals are increasingly targeting machine identities — from API keys to code signing certificates — to exploit vulnerabilities, compromise systems and disrupt critical infrastructure…,” and that a siloed approach to securing machine identities increases inefficiencies and risks: with security, development, and platform teams often sharing responsibilities.
With the rise of AI agents rise and the Quantum attack timeline shortening, Sand recommended organizations to establish a comprehensive, end-to-end machine identity security strategy that tackles the non-human identities that matter most for the prevention of cyberattacks and outages.
*No demographic data of respondents provided
