UK businesses are dealing with cyber attacks so often that research from Idira, formerly known as CyberArk under Palo Alto Networks, found that 74% of UK organisations experienced at least 3 successful identity related breaches in the past 12 months.
That means many businesses were not dealing with just one unfortunate incident. They were dealing with repeated access failures involving employee accounts, machine identities and AI systems.
The company’s Identity Security Landscape Report 2026 also found that 83% of UK organisations had suffered at least one identity related breach.
This comes as the UK government is urging businesses to tighten cyber defences through a new Cyber Resilience Pledge and stronger standards, saying AI is making attacks faster and easier for criminals.
Why Are Businesses Getting Breached Again And Again?
One of the biggest issues is scale; Idira’s research says machine identities now outnumber humans 100 to 1 in UK organisations. These identities can be anything from bots and cloud systems to connected devices and automated tools.
That’s expected to go up even more in the next year. Around 82% of UK respondents expect growth in machine identities, 90% expect growth in AI identities and 50% expect more human identities too.
Businesses are no longer managing only staff logins because now, they’re managing thousands of digital identities that need permissions, passwords, certificates and access rules.
Rich Turner, Senior Vice President EMEA Identity Security at Palo Alto Networks, said, “The explosion of machine identities represents a fundamental shift in the enterprise attack surface. With AI driven identities projected to continue accelerating in the next year, organisations are facing a reality where identity complexity is rapidly outpacing traditional security controls.”
The report found that 80% of UK respondents said fragmented identity systems and tools are affecting or delaying their organisation’s ability to detect and respond to identity related threats.
Many businesses are running disconnected security systems and manual processes across too many digital identities.
Are Companies Treating Cybersecurity Like A Business Issue?
The UK government believes many organisations are not taking cyber security seriously enough at leadership level.
As part of a national cyber campaign, ministers are encouraging businesses to sign up to the Cyber Resilience Pledge, which asks organisations to take three actions.
These are making cyber security a board level responsibility, signing up to the National Cyber Security Centre’s free Early Warning Service, and requiring Cyber Essentials certification across supply chains.
The government has committed £90 million to cyber resilience work.
More from Cybersecurity
- Cycode Wants To Secure The Agentic Era – And It’s Just Launched The Product To Prove It
- Lyrie.ai Deploys Real-Time Zero-Day Tracking Across Global Enterprise Infrastructure
- Part 1: Is This The End Of World Password Day? Experts Weigh In
- Experts Comment: Has The AI Race Made The World Less Safe?
- ShinyHunters Just Hacked Rockstar Through A Supplier – Every Business Using Third-Party Software Should Pay Attention
- Is Vibe Coding Safe Or A Cybersecurity Disaster Waiting To Happen?
- Anthropic Is Taking On Cybersecurity With AI, And It Has Brought Apple and Amazon Along For The Ride
- External Attack Surface Management And Why It Matters For Startups
Cybersecurity Minister Baroness Lloyd said, “Cybersecurity is now fundamental to economic growth, job creation and the resilience of the services people rely on every day.”
She added, “The UK has a world class cyber sector that is creating skilled jobs and protecting our economy and government is doing more by investing in its own defences, legislating to require more of essential services and setting national standards.”
Her message to businesses:
“As threats evolve, businesses of all sizes need to step up and take action now. The Cyber Resilience Pledge is a call for companies to strengthen their defences, protect their customers and keep the UK secure and competitive.”
The government also reported that 43% of UK businesses experienced a cyber breach or attack in the past year.
Is AI Making The Problem Worse?
AI is creating more opportunities for businesses, but as countless reports have shown, it is also adding more digital access points that attackers can exploit.
Idira found that 34% of AI agents and 37% of machine identities in UK organisations have access to company data on average. That can mean financial records, internal systems or sensitive customer information.
Many businesses are not fully monitoring those systems.
Only 51% of UK organisations use behavioural monitoring for autonomous AI agents, while just 37% use credential revocation.
That leaves many AI tools and automated systems operating with access but limited oversight.
Turner said organisations can no longer continue with old habits.
He said, “The fact that 83% of organisations have suffered an identity related breach in the UK and 91% in EMEA more broadly proves that as AI agents gain more access to sensitive data, security leaders must move beyond manual processes.”
He added, “To close the gap, organisations must embrace end to end automation and unified governance. Otherwise, the risks of expanding AI and machine identities will only continue to intensify.”
Is The UK Cyber Sector Ready For Demand?
The irony is that cybersecurity is becoming one of the UK’s fastest growing business sectors.
The UK government said cybersecurity sector revenue came up 11% to £14.7 billion, while the number of cyber businesses came up 20% to 2,603.
The sector also created 2,300 jobs in the past year.
There is no shortage of cyber products, services or expertise entering the market.
Businesses know attacks are happening but the issue is that many are only treating cybersecurity as an urgent business issue after repeated breaches.
