Identity-related security incidents at company level are on the rise

The study shows that machine identities in Germany currently outnumber human identities by a ratio of 109:1. Companies in Germany are expecting significant growth in all identity categories over the next twelve months:

• Human identities (63 percent expect growth here)
• Machine identities (87 percent expect growth here)
• AI agents (86 percent expect growth here)

The main drivers for the increase in identities over the next twelve months are considered to be AI & LLMs (50 percent), machine identities such as IoT and bots (40 percent) and company growth (36 percent). This sets Germany apart from the EMEA average, where the introduction of cloud solutions ranks third among the growth factors at 39%. As digital expansion has long since overtaken personnel growth as the main driver of identities, companies need to fundamentally realign their identity risk management. The pressure to ensure transparency, control and governance over an increasingly complex identity structure is growing accordingly.

At company level, identity threats are no longer an exception but an operational reality: 91% of companies in the EMEA region - and as many as 93% in Germany - have already been affected by an identity-related security incident. Security managers admit that the complexity exceeds the existing controls. The EMEA region is the least prepared in the world for the impending shortening of certificate expiry dates: 75 percent of companies do not fully automate renewal and monitoring in all certificate environments. These automation gaps turn operational pressure into financial and security-related risks - the expected financial loss for a company in Germany amounts to 237,864 euros. This puts Germany well above the EMEA average of EUR 213,262.

Further key findings

In Germany, almost 43 percent of AI agents and 37 percent of machine identities have access to company data - including potentially sensitive information such as financial figures or critical systems.

Behavioral monitoring and access deprivation are only used by a minority of companies - 41 percent and 35 percent respectively for autonomous AI agents, 38 percent and 30 percent respectively for conversational AI agents, and 32 percent and 38 percent respectively for generative AI agents.

85% of respondents in the EMEA region state that fragmented identity systems slow down or hinder the detection and response to identity-related threats in their company. As a result, German companies have a response time that is almost twelve hours longer.

Fabian Hotarek, Director Solutions Engineering at Palo Alto Networks, says: "The rapid growth of machine identities represents a fundamental shift in the enterprise attack surface. AI-driven identities will continue to grow in the coming year - and the complexity that comes with it increasingly exceeds what traditional security controls can achieve. The fact that 80 percent of companies in Germany have been affected by at least three successful identity-related security incidents makes it clear that manual processes are no longer a viable answer, especially when AI agents are accessing increasingly sensitive data. Companies must rely on end-to-end automation and uniform governance - otherwise the risks posed by AI and machine identities will continue to escalate."

As machine and AI identities increasingly dominate companies, manual management is no longer enough. A ratio of 109:1 can only be managed with a platform-based strategy that secures all identities - human, machine or agent-based - in a uniform manner and keeps pace with the threat situation.