Netwrix has released its 2026 Data and Identity Security Report, based on insights from 2,317 IT and security professionals representing 1,889 organizations across more than 60 industries worldwide. The findings reveal that only 11% of organizations consider themselves fully prepared for AI security challenges, while 17% remain completely unprepared and 45% are still developing AI governance programs.
Among organizations where AI significantly expanded the number of identities requiring access, breach rates reached 43% over the past twelve months, compared with 11% where AI had not materially changed access patterns. The gap persisted even among organizations that were ahead on core security practices, including data visibility and non-human identity governance.
“Organizations where AI expanded access saw four times the breach rate of those where it didn’t, 43% versus 11%,” said Grady Summers, CEO of Netwrix. “The root cause here is speed. AI adds identities and accesses data faster than human-paced reviews can track them, and attackers can create an impact in seconds. Governance has to run at that speed or it’s just theater.”
2026 Data and Identity Security Report Highlights
76% of organizations do not fully govern or monitor non-human identities. Seventy-five percent of sensitive data exposures begin with compromised identities or misconfigured permissions, and 76% of organizations can’t immediately revoke standing access when it is no longer needed.
74% of organizations lack a unified view of sensitive data and the identities that can access it. Seventy percent have no unified strategy connecting identity and data visibility, making it difficult to know what AI is touching or who can reach it.
Only 11% have operationalized AI governance through continuous enforcement and monitoring. Only 19% fully govern non-human identities, and only 20% fully monitor employee use of shadow AI.
Only 23.5% of organizations can respond at the speed attackers move. Nearly 63% require between one and three days to remediate identified risks.
Organizations with 500 to 999 employees reported a 40.3% breach rate, the highest of any size segment. Technology, healthcare, and construction reported the highest breach rates by industry. In North America, 24% of breached organizations reported losses of at least $100,000 in the past year; 12% reported losses above $250,000.
Data, Identity & AI Security Assessment
Netwrix today also launched the Data, Identity & AI Security Assessment, a free benchmarking tool that evaluates organizations across 12 security dimensions and five maturity tiers for AI readiness. Participants receive a personalized assessment of their current posture, key areas of exposure, and recommended next steps.
- Download the 2026 Data and Identity Security Report here.
- More information here.
Related News:
Constant Contact Report: Small Businesses Embracing AI
Black Duck State of AI-Powered Software Development Report Released
Methodology
The 2026 Data and Identity Security Report was produced by Netwrix Research Lab. Netwrix surveyed 2,317 security professionals globally in early 2026, benchmarking 1,889 organizations across more than 60 industries, five maturity tiers, and 12 security dimensions. Respondents by region: Americas 68%, EMEA 23%, APAC 9%.
