Identity, Data Security Converging Into Trouble for Security Teams: Report

The traditional divide between identity and data security is closing rapidly, and that’s bad news for security teams, according to a report released Tuesday by a provider of identity and data security solutions.

“[T]he next phase of cybersecurity disruption will come from adversaries scaling identity attacks to compromise data security as agentic AI becomes more prominent,” Netwrix, of Frisco, Texas, predicted in its forecast of trends that will be shaping cybersecurity in 2026 and beyond.

By 2026, identity security will see significant expansion in workflow orchestration and automation across provisioning, token validation, and privilege management, according to the report, based on research into real-world identity attacks and data-exposure paths observed by Netwrix researchers.

These workflows now determine who and what can access sensitive data, meaning failures in identity automation translate directly into data exposure risk, the report explained.

Adversaries are shifting their focus from individual credentials to identity orchestration, federation trust, and misconfigured automation, it continued. Since access to critical data stores starts with identity, unified visibility across identity and data security is required to detect misconfigurations, reduce blind spots, and respond faster.

That shift, experts warned, dramatically increases the potential impact of identity failures.

Expanding Blast Radius

“Identity orchestration, federation trust, or faulty automation allow attackers to circumvent controls, have a bigger blast radius and more options for attacks,” said Netwrix Vice President for Security Research Dirk Schrader.

“Attackers go after identity orchestration because it’s the leverage point that decides who gets access, when, and under what conditions,” he told TechNewsWorld. “Stealing one set of credentials yields limited reach and is often neutralized by MFA [multifactor authentication] or password resets.”

“Compromising the orchestration layer lets an attacker mint or hijack trusted sessions and tokens at scale, bypass controls by changing policy, and persist by creating new privileged identities or OAuth apps,” he continued.

“The impact becomes one-to-many across cloud and SaaS, and the activity can look legitimately ‘compliant’ in logs,” he added.

Michael Bell, CEO of Suzu Labs, a provider of AI-powered cybersecurity services, in Las Vegas, explained that identity orchestration controls who gets credentials, how they’re issued, and what they can do with them. “Attackers have figured out that compromising the system that grants access beats stealing individual keys,” he told TechNewsWorld.

“Federation trust is particularly attractive because you compromise one identity provider and inherit trust across every system that federates with it,” he said. “Misconfigured automation is low-hanging fruit because most organizations rushed to deploy it without securing the service accounts and API tokens that make it run.”

AI Amplified Failure

The Netwrix researchers also found that the dependency between identity security and data security becomes more pronounced as AI-driven automation operates continuously and at scale.

AI automation is often a chain of agents, Schrader explained. “Each agent is a non-human identity that needs lifecycle governance, and each step accesses, transforms, or hands off data,” he said. “That means a mistake in identity governance — over-permissioned agent, weak token control, missing attestation — immediately becomes a data security incident — at machine speed and at scale — because the workflow keeps executing and propagating access and data downstream.”

“As AI automation runs continuously, authorization becomes a live control system, not a quarterly review,” he continued. “Agent chains amplify failures. One over-permissioned non-human identity can propagate access and data downstream like workflow-shaped lateral movement. Non-human identities sprawl fast via APIs and OAuth. Data risk also shifts dynamically as agents transform and enrich outputs.”

At scale, a small policy mistake becomes a massive data movement event, added Ensar Seker, CISO of SOCRadar, a threat intelligence company in Newark, Del. “The risk isn’t only malicious AI, it’s amplified mistakes — over-permissioned agents, weak scoping, stale privileges, over-broad connectors and missing guardrails on where data can flow,” he told TechNewsWorld.

AI consumes and acts on data continuously, and automated pipelines and models need broad, often real-time access to data, access that’s granted and scoped via identity, explained Nathan Vega, head of product marketing at Starburst, a data and analytics platform company in Boston.

“Risk multiplies with automation,” he told TechNewsWorld. “A compromised service identity can cause automated data exfiltration, model poisoning, or large-scale misconfiguration in seconds, which is far faster than manual attacks.”

Shifting Insurance Perspectives

The researchers also reported that cyber insurers are shifting how they assess risk and set pricing. “Cyber insurers are shifting assessment and pricing because the old ‘once-a-year questionnaire’ model didn’t predict real losses,” Netwrix’s Schrader said.

“Ransomware, systemic zero-days, cloud concentration, and third-party cascades create correlated, fast-changing risk — so self-attestation ages badly and pricing gets exposed,” he continued. “That’s why many insurers are moving toward evidence-based underwriting with configuration and control signals, vulnerability and patch cadence, backup recoverability, and incident response maturity.”

One area that will come under increased scrutiny from insurers is network-edge vulnerability. “In 2025, cyberattacks targeting VPNs and firewalls skyrocketed in speed, volume, and size of ransoms demanded,” explained Paul Asadoorian, principal threat researcher at Eclypsium, a supply chain security provider in Portland, Ore.

“The trend of network device vulnerabilities being exploited will drive cyber insurers to require more rigorous protections of these devices,” he told TechNewsWorld. “This could include compensating controls such as monitoring the VPN gateways directly, as well as audits of their configuration to assure they are secure against attacks.”

“The report is absolutely right that the cyber insurance industry is changing how they think about incidents,” added Arvind Parthasarathi, founder and CEO of Cygnvs, a multinational cyber incident response solutions company.

“In the past, the idea was that a customer or a policyholder would never have a claim,” he told TechNewsWorld. “Now the world is shifting to where there’s literally no amount of money that an organization can spend to guarantee that they will never have a major event or a breach.”

Insurance Market Hardening

Rich Seiersen, chief risk technology officer at Qualys, a provider of cloud-based IT, security, and compliance solutions in Foster City, Calif., pointed out that in the year ahead, most analysts anticipate moderate hardening of the insurance market with gradual premium increases, more selective underwriting, and closer attention to security controls.

“However, it’s doubtful that we’ll return to the severity of previous hard markets, when applicants faced comprehensive questionnaires and long-lasting underwriting delays,” he told TechNewsWorld.

He conceded, though, that a major wildcard is the possibility of a systemic cyber event—a cloud outage, a widespread supply-chain compromise, or a high-impact ransomware wave that hits many insureds at the same time. “An event like that could push the market into a sharper hardening cycle,” he said.

“Still,” he added, “it’s imperative to recognize that insurance pricing is shaped just as much by macroeconomic factors, such as interest rates, capital flows, and reinsurance pricing, as it is by cyber-specific incidents. Losses matter, but wider financial conditions often dominate the cycle.”

Important Security Shift

Starburst’s Vega noted the Netwrix report highlights an important shift: the security problem is increasingly about where control is enforced (identity, policy, governance) rather than purely about detection or telemetry volume. “Organizations should treat identity-orchestration, federated governance, and automation-hardening as first-order security problems, not afterthoughts,” he said.

“Investing in policy-aware, federated data access, strong identity lifecycle and runtime controls, and robust vendor-continuity planning will be the practical differentiators over the next three to four years,” he added.

The strongest takeaway from the report is that identity and data security can’t be treated as separate programs anymore, maintained SOCRadar’s Seker. The control plane (identity) and the asset (data) are now coupled by automation, human and machine.

“If you don’t have unified visibility into which identities can touch which sensitive data, through which workflows, you’ll keep losing to misconfigurations, over-permissioning, and fast-moving identity abuse,” he said.

“The report correctly identifies that identity and data security are converging into a single problem space,” added Suzu’s Bell. “The organizations struggling most are the ones still treating them as separate disciplines with separate teams and separate budgets.”

“The real AI risk isn’t autonomous attacks,” he said. “It’s the attack surface you’re building by deploying AI without governing the identities and data access those systems require to function.”