CyberArk (NASDAQ: CYBR), the global leader in identity security, today released its 2025 State of Machine Identity Security Report, revealing that machine identity-related security incidents are on the rise, as the volume and complexity of machine identities continue to multiply. The report found that while the majority of Australian organisations have some form of machine identity security program, many are still immature, with less than half having a dedicated program – 13% below the global average – and nearly half of Australian security leaders reporting security incidents or breaches caused by compromised machine identities.
Additionally, sixty-nine percent of Australian organisations have experienced at least one certificate-related outage in the past year, with nearly half suffering significant business impact due to an expired TLS certificate.
Machine identities—including certificates, keys, secrets and access tokens—are exploding amid the rise of artificial intelligence (AI) adoption, cloud native innovations and shorter machine identity lifespans. As a result, organisations are struggling to keep up and siloed approaches to securing machine identities create its own risks. The report shows the substantial business impacts of not securing machine identities effectively, leaving organisations vulnerable to costly outages and breaches.
Thomas Fikentscher, Area Vice President for ANZ, CyberArk, commented “As Australian organisations accelerate digitalisation, automation and AI adoption, the growth and complexity of machine identities make securing them critical. Expired certificates and compromised machine identities are not just technical issues—they have real business impact, from application downtime to unauthorised access. To address these challenges, organisations must move beyond fragmented approaches and establish a unified machine identity security strategy in order to get full transparency and be able to effectively mitigate risks.”
2025 State of Machine Identity Security Report Highlights
CyberArk surveyed more than 1,200 security leaders across multiple countries. Key findings for Australia from the research include:
- Frequency of outages surges dramatically – Over two thirds (69%) of respondents have suffered at least one certificate-related outage in the past year, with 63% experiencing outages monthly and 33% weekly.
- Machine identity-related compromises have substantial business impacts – Nearly half (41%) of security leaders reported security incidents or breaches linked to compromised machine identities in the last year, with 45% caused by SSL/TLS certificates – 12% above the global average. These led to delays in application launches (48%), unauthorised access to sensitive data or networks (40%) and outages impacting customer experience (29%).
- Machine identity growth continues at pace – Machine identities outnumber human identities by an overwhelming margin and continue to grow quickly. 81% of Australian security leaders anticipate the number of machine identities in their organisation to increase, with over two-thirds (73%) predicting that machine identities will grow by up to 50% and 6% projecting radical growth of more than 50%.
- AI looms large on the machine identity threat horizon – As AI systems become a growing target for cyberattacks, 76% of security leaders believe machine identity security will play a vital role in securing the future of AI. Seventy-seven percent say securing AI models from manipulation and theft means putting greater emphasis on the need for machine identity authentication and authorisation.
- Machine identity security programs lack maturity – While 89% of security leaders report some form of machine identity security program, many of these programs lack maturity. Respondents reveal the lack of a cohesive machine identity security strategy as their biggest concern (39%), followed by expired certificates leading to service disruptions and outages (39%) and the inability to quickly find and revoke compromised identities (37%).
- Siloed approach to securing machine identities creates risk – Where multiple tools to secure machine identities exist within organisations, inefficiencies, risk and management challenges are created. For example, responsibilities for preventing machine identity-related compromises were found to be split among security (54%), development (24%) and platform (12%) teams.
“Machine identities of all kinds will continue to skyrocket over the next year, bringing not only greater complexity but also increased risks,” said Kurt Sand, GM of Machine Identity Security at CyberArk. “Cybercriminals are increasingly targeting machine identities – from API keys to code signing certificates – to exploit vulnerabilities, compromise systems and disrupt critical infrastructure, leaving even the most advanced businesses dangerously exposed. This research highlights the urgency for security leaders to establish a comprehensive, end-to-end machine identity security strategy that tackles the non-human identities that matter most to prevent potential attacks and outages—especially as AI agents continue to rise and the quantum attack timeline shortens.”
To read the full report and access additional findings, please visit https://www.cyberark.com/2025-state-of-machine-identity-security-report/.
Additional Resources
1Research was conducted by Censuswide among a sample of 1,201 security and IT decision-makers in organisations with 500 or more employees across the USA, UK, Australia, France, Germany and Singapore. The data was collected between January 9, 2025 and January 17, 2025. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organisations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organisations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.
Copyright © 2025 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
