CyberArk (NASDAQ: CYBR), the global leader in  identity security , today announced the release of the 2025 Identity Security Landscape, a global study revealing how organisations are inadvertently creating a new identity-centric attack surface through growing use of AI and cloud.

In Australia, the findings reveal a notable disconnect between rising cyber risk and business priorities, with three in four organisations (75%) admitting to prioritising business efficiencies over robust cybersecurity, even as identity-related breaches continue to rise.

The report also found that over two thirds (68%) of Australian organisations believe that implementing tailored compliance frameworks focused on their business-critical assets would help achieve greater self-regulation and improved controls to align with the Australian Government’s cybersecurity and critical infrastructure regulation.

Globally, the report shows that machine identities are mostly unknown and uncontrolled within organisations, while the primary roadblocks to Agentic AI adoption involve security concerns around external manipulation and sensitive access, signposting the emergence of a new and potent identity security challenge.

2025 Identity Security Landscape – Australian Highlights

‘Rise of the machines’ contributes to unsecured privilege sprawl: Machine identities, driven primarily by cloud and AI, now vastly outnumber human identities within organisations and a third  have sensitive or privileged access. However, many enterprises leave both human and machine access to critical systems under-secured.

• There are 79 machine identities for every human in Australian organisations.
• In 92% of Australian organisations, the definition of a ‘privileged user’ applies solely to human identities – but 32% of machine identities have privileged or sensitive access.
• 36% of security professionals said unknown and unmanaged identities pose the greatest security risk across cloud infrastructure and workloads, and 41% believe these environments are also expected to be the primary source of new identities with privileged or sensitive access.
• In the past 12 months, 35% of organisations experienced identity-related breaches involving phishing, vishing (including deepfakes) and 27% faced compromised privileged access at least twice.

AI is everywhere and identity-centric agentic AI risk looms : Sanctioned and unsanctioned adoption of AI and large language models (LLMs) is simultaneously transforming organisations while amplifying cybersecurity risks. Concerns around the emergence of AI agents and their privileged access underscores the urgency for targeted identity security investment.

• AI is expected to drive the creation of the greatest number of new identities with privileged and sensitive access in 2025.
• 69% of organisations lack identity security controls for AI.
• 38% cannot secure shadow AI usage in their organisation.
• The major roadblocks to AI agent adoption include manipulation and sensitive access concerns.

Complexity and identity silos are overwhelming security leaders and undermining business resilience: Fragmented identity security programs and poor environmental visibility are diminishing resilience in the face of evolving cybersecurity threats. Most organisations face increased privilege-related compliance pressure.

• 60% of Australian respondents say identity silos are a root cause of organisational cybersecurity risk.
• 73% of security professionals agree that insufficient visibility into privileged accounts increases cyber risk.
• 65% of security professionals stated that the lack of integration between identity and security tools hinders their organisation’s resilience.
• 93% of organisations are under increased pressure from insurers mandating enhanced privilege controls.

“As GenAI and LLMs become a key driver of cybersecurity investment in Australian organisations, there is an urgent need to rethink how identity security is approached. While most security strategies remain focused on human identities, the rapid growth of machine identities – especially those linked to GenAI and cloud environments – is creating a new and often ungoverned layer of risk,” said Thomas Fikentscher, Area Vice President for ANZ at CyberArk. “At the same time, compliance pressures are intensifying, and fragmented identity systems are making it harder for organisations to maintain visibility and control over who — or what — has access to critical assets. To truly unlock the benefits of GenAI while maintaining resilience and compliance, organisations must evolve their definition of privileged access and move toward integrated identity security strategies that protect both human and machine identities across the business.”

Further Information

• Download the  2025 Identity Security  Landscape.
• Blog:  The Cybersecurity Investment Most Organisations Are Failing To Secure.
• Download the executive summary to explore key findings and how an identity-focused approach can help you secure every identity and strengthen enterprise resilience.

About The Report

The 2025 Identity Security Landscape was conducted across private and public sector organisations of 500 employees and above. It was conducted by market researchers Vanson Bourne amongst 2,600 cybersecurity decision makers. Respondents were based in Brazil, Canada, Mexico, US, France, Germany, Italy, the Netherlands, Spain, UK, UAE, Saudi Arabia, South Africa, Australia, India, Hong Kong, Israel, Japan, Singapore and Taiwan.

About CyberArk

CyberArk (NASDAQ: CYBR ) is the global leader in identity security, trusted by organisations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organisations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.

###

Copyright © 2025 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.