19 - 05 - 2026

Over three in four Indian firms hit by identity breaches over past year: Sophos

Nearly 77% of organisations in India suffered at least one identity-related breach in the past year, according to a report by global cybersecurity firm Sophos.

The vendor-agnostic survey of 5,000 IT and cybersecurity leaders across 17 countries revealed that 76.8% of surveyed Indian firms were hit by such breaches. Globally, organisations reported an average of three separate incidents, with a notable 5% suffering repeat victimisation of six or more breaches.

“Identity-based attacks are becoming increasingly sophisticated in India as organisations rapidly expand their digital ecosystems and adopt Artificial Intelligence-driven technologies. The finding that nearly 77% of organisations in India experienced an identity-related breach highlights how critical it is for businesses to strengthen both human and non-human identity security practices,” said Sunil Sharma, Managing Director and Vice President – Sales, India and SAARC, Sophos.

“As AI agents, cloud services, APIs and automated workflows continue to scale, organizations need far greater visibility and control over identities, access privileges and authentication activity. A proactive, layered identity security strategy combined with continuous monitoring and Zero Trust principles will be essential for Indian businesses to stay resilient against evolving cyber threats.”

The attacks are driven primarily by human error and weak management of non-human identities (NHIs)—such as API keys stored in code, static credentials, and orphaned service accounts—a challenge that is accelerating rapidly due to agentic artificial intelligence (AI).

In India, identity compromise has established itself as a primary delivery mechanism for ransomware. Sophos found that 79% of Indian ransomware victims surveyed confirmed their incident stemmed from an identity attack.

The financial consequences of these breaches are steep. Globally, the mean recovery cost reached ₹13.67 crore ($1.64 million), with a median of ₹6.25 crore ($750,000). Furthermore, 73% of affected organisations faced recovery costs of ₹2.08 crore ($250,000) or more.

Human error, such as employees being tricked into providing credentials, was cited in nearly 43% of global incidents, whilst weak NHI management was blamed for 41%. Organisations with weak NHI management are 22% more likely to experience financial theft, paying approximately ₹1.25 crore ($150,000) more than average to recover.

Sophos warned that the NHI problem is intensifying because AI agents can autonomously spin up sub-agents, creating new credentials with broad access and inconsistent human oversight. Globally, only 1 in 3 organisations regularly rotate or audit these service accounts, and just 11% do so continuously.

The survey, conducted in Q1 2026, covered organisations with 100 to 5,000 employees across 14 industries, including India, the UK, and the US.