CyberArk report warns of growing risks as machine identities surge and cyber defences lag behind in Indian enterprises
A new report by global cybersecurity provider CyberArk has raised red flags about India’s growing identity-centric attack surface, warning that businesses are prioritising operational speed and AI adoption over critical cybersecurity measures. The 2025 Identity Security Landscape report reveals that 77 per cent of Indian organisations admit to placing business efficiency above cybersecurity, a decision that could prove costly amid rising threats from both human and machine identities.
According to the report, machine identities in Indian enterprises now vastly outnumber human ones, with a staggering 82 machine identities for every human. Many of these machine identities, powered by artificial intelligence and cloud infrastructure, hold privileged or sensitive access to critical systems. Yet, 42 per cent of these identities remain under-secured, while 68 per cent of organisations lack any identity security controls for AI.
The study also found that 68 per cent of Indian organisations blame identity silos for increasing their cybersecurity vulnerabilities. Meanwhile, 85 per cent face growing pressure from insurers and regulators to implement enhanced privilege controls.
Identity Breaches On The Rise Globally
The threat landscape is already showing consequences, 76 per cent of global organisations reported at least two successful identity-related breaches in the past year including phishing, deep fakes, and third-party identity theft.
With AI agents set to create the highest number of new privileged identities in 2025, and human-plus-machine identities expected to double, CyberArk’s report calls for urgent modernisation of identity security frameworks. Failing to act, it warns, could compromise not just data, but long-term business resilience and trust.
Experts Call For Stronger Identity Security Frameworks
Shankar Iyer, Director– Business Strategy, India, Infobip, said, “The statistic that 77 per cent of Indian organisations admit to prioritising business efficiency over cybersecurity is not only alarming but indicative of a broader trend that’s exposing enterprises to increased risk. As companies fast-track their adoption of digital technologies and AI-driven solutions, they’re simultaneously exposing their identity-centric attack surface.”
He added that with the government’s decision to tighten data regulations through the Digital Personal Data Protection (DPDP) rules, businesses are presented with a critical opportunity to fortify trust with their customers. Companies must invest in robust data protection measures and take advantage of cutting-edge technologies such as AI, machine learning, and end-to-end encryption.
Poorly Managed Machine Identities Pose New Risks
Sunil Peter, Vice President – Global IT, Maveric Systems, echoed similar concerns. “The rapid rise of machine identities now outnumbering human ones 82:1 in Indian enterprises poses serious security risks when efficiency is prioritised over protection. These identities often hold privileged access yet remain poorly managed, making them prime targets for attackers exploiting API keys or code-signing certificates,” he said.
Peter also highlighted that with 68 per cent of organisations lacking identity security controls for AI systems, threats like data theft and model manipulation loom large. “Fragmented identity management across teams fuels compliance issues and privilege sprawl, with 70 per cent reporting visibility gaps. As AI-driven attacks shorten breach timelines, cybercrime costs are set to triple, demanding urgent, identity-centric security strategies,” he added.
Identities Have Become The New Perimeter
Neehar Pathare, Managing Director (MD), Chief Executive Officer (CEO) and Chief Information Officer (CIO), 63SATS Cybertech, emphasised that machine identities have become the new perimeter. “While much of cybersecurity discourse has revolved around attack surface management, the most overlooked and fastest-expanding surface is identities — especially machine identities, which now outnumber human ones by 82 to 1. As AI-driven agents and automation reshape enterprise ecosystems, legacy security frameworks fall behind,” he said.
He pointed out that machine credentials, privileged accounts, and service integrations often reside outside centralised identity providers, created ad hoc by teams unaware of security best practices. India, with its booming digital adoption and rapid AI integration, is uniquely vulnerable. The risk is not theoretical, it’s immediate. Securing identities now means protecting business continuity, consumer trust, and national digital sovereignty.
Cybersecurity As A Strategic Asset
Kushal Rastogi, Founder and CEO, Knight Fintech, added another perspective. “Many institutions still see cybersecurity as a cost centre rather than a core enabler of trust. Since we work deep within co-lending, digital lending, and treasury infrastructure, we see firsthand how fragmented integrations and legacy dependencies create hidden vulnerabilities,” he said.
He added, “Security isn’t just about firewalls; it’s about systemic resilience with real-time monitoring, data integrity, and seamless interoperability. In a landscape where trust drives transactions, future-ready banks will be those that treat security as a strategy, not insurance.”
Urgent Need To Align Business Growth With Cyber Resilience
Manish Kumar Goyal, Chairman and Managing Director, Finkeda, highlighted the strategic importance of cybersecurity. “Prioritising cybersecurity is not only a defensive strategy but a strategic necessity in the modern digital world. The CyberArk 2025 Identity Security Landscape report presents an alarming trend. It has resulted in severe vulnerabilities, with 93 per cent having experienced multiple identity breaches in the last year,” he said.
He added, “The hype of AI adoption and digital transformation programmes has grown the identity attack surface, mainly with the spread of machine identities, which remain poorly protected. To address these challenges, organisations must incorporate cybersecurity into their business strategies and foster a culture of security awareness.”
Unless Indian enterprises modernise their identity security strategies urgently, they risk trading short-term efficiency gains for long-term vulnerability and in a rapidly digitising economy, that’s a gamble few can afford.
Article Originally Published in BW BusinessWorld
