Identity-Related Breaches Hit 79% of SA Firms, Report Says

In Short

• Identity-related breaches are rising in South Africa, with 79% of organisations reporting at least three successful incidents in the past 12 months.
• CyberArk data points to fast growth in machine identities and AI agent identities as a key driver.
• Certificate management, which keeps encrypted connections trusted, is a weak spot for many teams.

What Happened

CyberArk’s Identity Security Landscape Report 2026 says 79% of South African organisations experienced at least three successful identity-related breaches in the last 12 months. Identity-related breaches are incidents where attackers misuse a login, token, API key, or certificate, instead of breaking in through a traditional software bug.

The report links the rise in breaches to the growth of “agentic” and machine identities. An AI agent is software that can take actions on its own, like a chatbot that can also trigger workflows. A machine identity is a non-human login used by apps, servers, bots, IoT devices, and automated scripts.

CyberArk says 94% of businesses have already deployed AI agents. It also reports that machine identities now outnumber human identities by 92 to 1. Respondents expect machine identities and AI agent identities to grow fastest over the next year, at 84% and 82%.

The report highlights the main drivers of identity growth. These include more machine identities like bots and IoT (53%), increased cloud app usage (52%), and more AI and large language model use (51%).

It also flags certificate lifecycle pressure. Certificates are digital ID cards used to prove a system is trusted, similar to an expiry date on a passport. South Africa is among the least prepared for shorter certificate lifecycles, with 80% not fully automating renewals and monitoring across all environments. Businesses expect an average financial impact of about $248,051, or roughly R4.1 million, from certificate-related failures.

Why It Matters

For African enterprises scaling cloud systems and automation, identity security is becoming a day-to-day operational problem. The report says 93% of businesses have experienced an identity-related breach, which suggests the issue is widespread and recurring.

The findings also matter for budgets and governance. 97% of security leaders say cyber insurance requirements have directly shaped identity security investment decisions in the past year. That can push companies to adopt stronger controls, or risk higher premiums and reduced coverage.

Finally, access sprawl is a real risk. The report says 41% of AI agents and 43% of machine identities have access to organisational data on average. That raises the stakes for visibility, access controls, and faster credential shutdown when something goes wrong.