77% of Indian organizations admit efficiency trumps cybersecurity; 85% face mounting pressure to secure privileged access
As Indian enterprises double down on digital transformation, a new global study by identity security leader CyberArk warns of an expanding identity-centric threat surface—driven by the unchecked growth of machine identities and AI adoption. The 2025 Identity Security Landscape report reveals that while businesses embrace innovation, security often takes a backseat, leaving them vulnerable to sophisticated cyber threats.
In India, 77% of organizations acknowledged prioritizing business efficiency over cybersecurity, even as 68% cited AI and cloud adoption as drivers of unmanaged access risks. Notably, machine identities now outnumber human users by 82 to 1, with nearly half having privileged or sensitive access—many of which remain unmonitored or uncontrolled.
“India’s AI acceleration demands a security-first mindset to protect both human and machine identities,” said Rohan Vaidya, Area Vice President – SAARC & India, CyberArk. “Organizations must modernize their identity security strategies to combat growing risks and ensure business continuity in a complex threat landscape.”
Key Findings Specific to Indian Enterprises:
- 77% say business outcomes are prioritized over cybersecurity investments
- 68% identify identity silos as a root cause of security risk
- 85% report increased regulatory and insurance-driven pressure to enhance privileged access controls
- Human and machine identities—many with sensitive privileges—are expected to double in 2025
AI and Privilege Sprawl: A Looming Challenge
Globally, the study found that 68% of organizations lack identity security controls for AI environments, and 37% are unable to manage shadow AI adoption internally. The rise of agentic AI systems and large language models (LLMs) poses a new risk category, where unsanctioned AI tools may gain unauthorized access to sensitive data or critical systems.
“India’s AI acceleration demands a security-first mindset to protect both human and machine identities.” — Rohan Vaidya, Area VP, CyberArk
Additionally, 76% of organizations reported experiencing at least two identity-related breaches in the past year. These ranged from phishing and deepfake-enabled vishing attacks to third-party identity compromises, all highlighting the urgency for action.
The Road Ahead: Zero Trust and Continuous Governance
To address this evolving threat landscape, CyberArk recommends a comprehensive, identity-first security strategy:
- Apply Zero Trust principles across human and machine identities
- Enforce real-time privilege controls and continuous monitoring
- Break down identity silos to improve visibility and response
- Align with frameworks such as the OWASP API Security Top 10
The 2025 Identity Security Landscape is based on insights from 2,600 cybersecurity decision-makers across 20 countries, including India, and reflects trends across sectors from finance and healthcare to technology and manufacturing.