CFOtech Australia - Technology news for CFOs & financial decision-makers
Australia
Guides
#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
healthtech
Search
Story image
#
Phishing
#
IAM
#
GenAI

Australian firms risk cyber breaches as machine identities soar

Today
Author image
By Melania Watson, Interview Editor

A new report from CyberArk has highlighted a significant rise in machine identities within Australian organisations, with many access points left inadequately secured and an ongoing lag in cyber priorities across the sector.

The 2025 Identity Security Landscape report, based on research involving 2,600 cybersecurity decision makers globally, indicates that Australian organisations are increasingly exposed to risk as a result of this surge in machine-generated identities, which now far outnumber human identities across businesses in the region.

Machine identities, often created through expanding cloud adoption and use of artificial intelligence (AI), present a growing challenge. The study found that there are currently 79 machine identities for every human identity in Australian organisations. Despite this, 92% of local organisations still define a 'privileged user' exclusively as a human, leaving machine identities with privileged or sensitive access under-protected.

"As GenAI and LLMs become a key driver of cybersecurity investment in Australian organisations, there is an urgent need to rethink how identity security is approached. While most security strategies remain focused on human identities, the rapid growth of machine identities – especially those linked to GenAI and cloud environments – is creating a new and often ungoverned layer of risk," said Thomas Fikentscher, Area Vice President for ANZ at CyberArk. "At the same time, compliance pressures are intensifying, and fragmented identity systems are making it harder for organisations to maintain visibility and control over who — or what — has access to critical assets. To truly unlock the benefits of GenAI while maintaining resilience and compliance, organisations must evolve their definition of privileged access and move toward integrated identity security strategies that protect both human and machine identities across the business."

The report reveals that 32% of machine identities in Australia currently hold privileged or sensitive access, yet many remain outside the focus of traditional identity security measures. Security professionals cited unknown and unmanaged identities as the greatest risk to cloud infrastructure and workloads, with 36% identifying this as their top concern. In addition, 41% expect cloud environments to be the primary source of new identities with privileged or sensitive access in the coming years.

Incidents involving identity-related breaches remain prevalent in Australia. In the past year, 35% of organisations experienced breaches related to phishing or vishing, including those involving deepfakes. Meanwhile, 27% encountered compromised privileged access at least twice over the same period.

The integration of AI and large language models (LLMs) within organisations is compounding the challenge, as both sanctioned and unsanctioned adoption accelerate. AI is anticipated to drive the creation of the largest number of new privileged and sensitive identities in 2025. Despite this, 69% of organisations lack identity security controls tailored for AI, and 38% report being unable to secure shadow AI usage within their networks. Key barriers to adopting AI agents are concerns over external manipulation and the potential for sensitive access to be compromised.

The report identifies a further layer of complexity due to fragmented identity security programmes, resulting in reduced organisational resilience.

According to the data, 60% of respondents in Australia consider identity silos to be a root cause of cybersecurity risk within their organisations. Furthermore, 73% of security professionals agree that poor visibility into privileged accounts amplifies cyber risk. A lack of integration between identity and security tools was cited by 65% as a factor undermining overall resilience.

Amid these challenges, the pressure to enhance compliance is intensifying. The study found that 93% of Australian organisations face increasing demands from insurers to impose stricter privilege controls. Most organisations also face additional compliance pressures related to identity and access management.

Australian organisations are aware of gaps in their security frameworks. Over two-thirds (68%) believe that implementing compliance frameworks tailored to their most business-critical assets could drive greater self-regulation and ensure controls are better aligned with the Australian Government's cybersecurity and critical infrastructure requirements.

Despite these risks, the report shows a distinct misalignment of cyber priorities, with three in four Australian organisations (75%) admitting to prioritising business efficiency over robust cybersecurity, even as identity-related breaches persist.

The research was conducted across public and private sector organisations with 500 or more employees, drawing responses from cybersecurity decision makers in multiple countries including Australia, the United Kingdom, Brazil, Canada, and several countries in Europe, Asia, and the Middle East.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Backbase unveils AI platform to boost bank efficiency & growth
Global X launches first AI infrastructure ETF in Australia
Irrelevant data wastes hours daily as workplace AI falls short
Emburse unveils AI-powered mobile app for enterprise expenses
Most organisations eye digital banks as KYC frustrations grow
Top stories
Global study reveals public trust is lagging growing AI adoption
Ramsay Health & Westpac win for AI innovation on Appian
GPs gain new CPD module via MedicalDirector Clinical platform
Konica Minolta unveils AccurioJet 30000 for B2+ printing
Biza.io expands team to boost non-bank lender CDR services