93% of Indian Firms Hit by Identity Breaches

A report on Identity Security Threat Landscape revels, 93% of Indian organizations suffered two or more identity-related breaches in the past year—largely driven by phishing, compromised credentials, and weak machine identity controls. Globally, nine in ten firms reported similar breaches.

Machine identities—used by apps, services, and AI systems—are now seen as the fastest-growing and riskiest identity type due to multi-cloud adoption and AI deployments. Yet, only 46% of Indian firms recognize both human and machine users with sensitive access as “privileged,” exposing critical systems to attack.

The report highlights that 50% of organizations expect identities to triple in the next year, with 83% of Indian firms planning to use three or more cloud service providers. Meanwhile, 99% are deploying AI for cybersecurity defense, though 93% believe it introduces new cyber risks.

Deepfakes and phishing remain threats: 88% of Indian organizations faced successful phishing or vishing attacks, despite 84% of security teams expressing confidence in spotting deepfakes.

As identity threats surge, the report urges a unified identity security strategy, stronger machine identity controls, AI-enabled defenses, and compliance with India’s DPDPA 2023 to prevent future breaches and penalties.