South African organisations are facing an escalating identity security crisis, as machine and artificial intelligence (AI) identities (digital credentials) rapidly outgrow traditional cyber security controls.
This is according to a new study, titled: “Identity Security Landscape Report 2026”, conducted by CyberArk, now part of Palo Alto Networks.
The research found that 79% of South African organisations suffered at least three successful identity-related breaches in the past 12 months, while 93% of organisations globally experienced at least one identity-related security incident.
JOIN THE CONVERSATION
To learn more about defending organisations against today’s evolving cyber threats, register for ITWeb Security Summit Cape Town 2026 or ITWeb Security Summit 2026 in Johannesburg, where global and local experts will unpack the latest security trends and solutions.
The report, based on feedback from more than 2 900 cyber security decision-makers worldwide, highlights how digital expansion, cloud adoption and AI deployment are dramatically increasing enterprise risk exposure.
Machine identities now outnumber human identities by 92 to one in SA, while the global average has reached as high as 109 to one. This means for every one human user account inside a South African organisation, approximately 92 non-human digital identities are operating in the environment.
“Identity has become the new perimeter,” the report states. “As organisations adopt more cloud, SaaS and AI-driven technologies, attackers are increasingly targeting credentials, privileged access and unmanaged identities instead of traditional network infrastructure.”
Machine identities − such as internet of things devices, bots and automated systems − were identified as the leading driver of identity growth by 53% of respondents, followed by cloud application adoption at 52%, and AI and large language models at 51%.
Researchers found that AI adoption is accelerating governance challenges for security teams, with 94% of organisations already deploying AI agents across their operations.
The report further reveals that 43% of machine identities and 41% of AI agents have access to organisational systems and sensitive data, including financial records and critical infrastructure.
“Machine and AI identities are multiplying faster than most organisations can effectively govern them.
“Legacy identity and privileged access management systems were not designed for autonomous AI agents and machine-scale environments,” according to the report.
The findings also show that 96% of organisations believe human users have more access privileges than required for their roles, creating elevated risks around insider threats, credential theft and lateral movement attacks.
Researchers warn that over-privileged machine identities, APIs, service accounts and automation tools are becoming increasingly attractive targets for cyber criminals because they often operate with minimal monitoring or governance oversight.
South African organisations were identified as among the least prepared globally for the impending shortening of certificate lifecycles.
Digital security certificates are used to verify the identity of machines, applications and systems, to enable encrypted communication between them.
According to the report, 80% of South African businesses have not fully automated certificate renewals and monitoring across all certificate environments.
“These incomplete automation practices are creating operational strain and increasing financial and security exposure,” the report notes.
Businesses estimate the average financial impact of certificate-related failures at approximately $248 051, or around R4.1 million.
The report also highlights the growing problem of “shadow identities”, including unsanctioned cloud accounts, third-party integrations and unmanaged developer environments operating outside standard governance frameworks.
Cyber security teams are also battling fragmented identity environments that slow down breach response efforts, reveals the report.
“Seventy-six percent of security professionals surveyed said disconnected identity tools are delaying threat detection and response capabilities.
“When a breach occurs, fragmented identity systems add significant delays to incident response efforts.”
Share
