Seventy-nine percent of South African organisations experienced at least three successful identity-related breaches in the last 12 months, driven largely by the explosion of agentic and machine identities.
This is according to the Identity Security Landscape Report 2026 by CyberArk, a Palo Alto Networks company, which reveals that the attack surface is expanding faster than businesses can defend it.
Ninety-four percent of businesses have already deployed AI agents, yet governance frameworks are struggling to keep pace. Machine identities vastly outnumber human ones, with a ratio of 92 to one.
All three identity types are expected to grow over the next 12 months. Machine and AI agent identities are expected to see the steepest increases, anticipated by 84% and 82% of respondents, respectively, while 59% expect human identities to follow suit.
Among those already anticipating identity growth, the main factors driving this are machine identities such as IoT and bots (53%), the adoption of more cloud applications (52%), and AI and LLMs (51%).
With digital expansion overtaking workforce growth as the primary driver of new identities, security teams are under increasing pressure to extend visibility, control and governance across an ever more complex identity mix.
At the enterprise level, identity threats are now a sustained operational reality, not isolated incidents, with 93% of businesses having experienced an identity-related breach. Security professionals acknowledge that identity complexity is outpacing control.
South Africa is among the least prepared for the impending shortening of certificate lifecycles, with 80% not fully automating renewals and monitoring across all certificate environments.
These incomplete automation risks are turning operational strain into financial and security exposure, with businesses expecting an average financial impact of approximately $248 051 (R4,1-million) from certificate-related failures.
Cyber insurers are also taking notice: 97% of security leaders say insurance requirements have directly shaped their identity security investment decisions over the past year.
Other key findings from the research include:
- More than two in five AI agents (41%) and machine identities (43%) have access to their organisation’s data, on average, which may include sensitive information such as financial records or high-value systems.
- While the majority of businesses apply behavioural monitoring and credential revocation for AI agents, gaps remain. For autonomous AI agents, 55% use behavioural monitoring and 46% use credential revocation, with similar patterns holding for conversational and generative AI agents.
- 76% of security professionals agree that fragmented identity systems and tools are impacting or delaying their ability to detect and respond to identity-related threats. When a breach does occur, tool fragmentation adds an average of around 10 hours to incident response time.