On average, 40% of AI agents and 40% of machine identities already have access to organizational data.

90% of respondents agree that AI agents should operate under least privilege principles, with bounded access and tighter controls.

91% believe they can rapidly contain compromised AI agents.

On average, only 39% of privileged access is managed through a just-in-time (JIT) or zero standing privilege (ZSP) model.

Among C-suite respondents, 54% believe their organization is completely effective at continuously enforcing least privilege, while 61% of the practitioners doing the work disagree.

96% of respondents report that human identities operate with access far beyond what is required for their roles.

42% of the human workforce has direct access to organizational data.

84% of respondents believe their organization could at least moderately improve awareness of the permissions and access granted to connectors and service accounts.

56% of organizations report that they can’t effectively enforce continuous least privilege for service accounts across cloud, SaaS, and on-premises environments.

64% of organizations still report they are not yet prepared to defend against quantum-enabled threats.

86% agree that they will need external help to become quantum ready.

71% of organizations don’t fully automate certificate renewal and monitoring across all environments.

98% report challenges securing PKI.

49% of organizations include third-party applications in their current patching process.

Automation is the top patch modernization investment priority for 76% of organizations in 2026.

More than 60% of organizations rely on manual processes in at least part of the patch lifecycle.

Downtime costs an organization $95 million in lost revenue annually, nearly double the level in 2024.

81% of technology leaders cite customer loss as a consequence of downtime.

89% of tech leaders cite the need for large numbers of personnel to fix downtime issues.

Only 38% of technology executives consistently identify the root cause of a downtime incident.