Just 11% of organizations say they are fully prepared to secure AI, while 17% are not prepared at all and 45% are still building governance programs.
Netwrix has released its 2026 Data and Identity Security Report. It is based on responses from 2,317 IT and security professionals representing 1,889 organizations across more than 60 industries worldwide. Respondents by region: North and South America – 68%, Europe, the Middle East and Africa – 23%, and Asia-Pacific – 9%.
In organizations where AI substantially increased the number of identities needing access, 43% experienced a breach during the past twelve months. This compares with 11% among organizations where AI did not significantly alter access patterns. The difference remained even among organizations that were more advanced in essential security practices, such as data visibility and governance of non-human identities.
According to Grady Summers, CEO of Netwrix, organizations where AI increased access experienced breach rates four times higher than those where it did not. He noted that the underlying issue is speed. AI creates identities and accesses data faster than review processes designed around human workflows can keep up, while threat actors can cause impact within seconds. Governance must operate at that pace; otherwise, it becomes a formality rather than an effective control.
2026 Data and Identity Security Report Highlights
of organizations do not fully manage or monitor non-human identities. Compromised identities or misconfigured permissions are involved in 75% of sensitive data exposures, and 76% of organizations are unable to revoke standing access immediately when it is no longer required.
of organizations do not have a consolidated view of sensitive data and the identities permitted to access it. In addition, 70% lack a unified strategy that connects identity management with data visibility, making it difficult to determine what AI is interacting with or who can access it.
of organizations can respond at the speed of threat actors. Nearly 63% need between one and three days to remediate identified risks.
was the breach rate reported by organizations with 500 to 999 employees, the highest rate across all company-size segments. By industry, the highest breach rates were reported in technology, healthcare, and construction.
A brief look at how much data breaches are costing organizations in 2026: In North America, 24% of breached organizations reported losses of at least $100,000 over the past year. Another 12% reported losses exceeding $250,000.
Download the full report via this link.

Data, Identity & AI Security Assessment
Netwrix also introduced the Data, Identity & AI Security Assessment, a free benchmarking tool designed to evaluate organizations across 12 security dimensions and five maturity levels for AI readiness. Participants receive a tailored evaluation of their current security posture, primary exposure areas, and recommended next steps.







