CyberArk, a company belonging to Palo Alto Networks, has just published its Security Landscape Report 2026. The report shows that, in the last 12 months, a higher proportion of Spanish organizations than the global average have suffered from identity attacks with successful phishing and vishing breaches, credential theft, compromised privileged access or tokens/API, etc.
The most significant differences are recorded in MFA bypass (with 75% in Spain compared to 58% globally), credential-based attacks (with 81% in Spain compared to 66% globally) and compromised privileged access (with 78% in Spain compared to 64% globally).
The risk grows due to the advance of agentic identities
The report is based on the survey of 2,930 cybersecurity decision makers in public and private organizations in 20 different countries, including SMEs and large organizations from the main economic sectors.
The study reveals the expansion of attack surfaces and the increase in risk, aggravated by agentic identities. According to it, in EMEA, machine identities already outnumber human ones by a ratio of 110 to 1, up from 83 to 1 in 2025, with a 36% increase driven by AI identities. In Spain, this proportion is even higher, with organizations declaring an average of 117 machine identities for every human identity.
The majority of Spanish organizations are concentrated in the highest ranges, with 58% estimating between 101 and 200 machine identities for each human identity, and another 23% stating between 76 and 100. In the next 12 months, EMEA organizations expect an increase in human identities of 64%, in machine identities of 84% and in AI identities of 87%.
The main factors driving this increase in the next 12 months in EMEA will be: AI and LLM, machine identities such as IoT and bots, and the adoption of more cloud applications (with 50%, 47% and 39% of respondents expecting growth in each of these areas, respectively). In Spain, AI and LLM are also the main driver, cited by 48% of organizations, followed by machine identities, with 42%. However, Spanish organizations give less weight than the global sample to the adoption of cloud applications, at 33%, while DevOps methodologies also emerge as a relevant factor, cited by 33%.
Progress in gaps and capabilities
99% of respondents globally say their organization already uses AI agents, and in EMEA, on average 38% of AI agents and 38% of machine identities already have access to organizational data that could include sensitive information. The study also indicates that 90% of organizations globally have experienced at least one successful breach linked to identity in the last 12 months and 80% have suffered 3 or more breaches (in Spain, these data are 97% and 88%, respectively).
Despite this, most organizations still rely on basic identity management measures. In EMEA, only a minority of organizations use behavioral monitoring and credential revocation for their autonomous AI agents (at 43% and 37%, respectively); for conversational AI agents (with 41% and 34%, respectively); and for generative AI agents (with 38% and 35%, respectively).
In Spain, the report points to a gap between trust and effective control: although 94% of organizations claim to be able to identify and contain compromised credentials, tokens or access in minutes, the actual adoption of controls such as behavioral monitoring, credential revocation, immutable audit logs and explainability reporting is below the global average.
82% of EMEA respondents agree that the fragmentation of identity systems and tools is impacting their organization’s ability to detect and respond to these types of threats.
Certificates and post-quantum cryptography increase operating pressure
Security professionals recognize that the complexity of identity is advancing faster than their ability to control it. For example, EMEA is the least prepared region in the world for the impending shortening of certificate lifecycles, with 75% of organizations not having fully automated renewals and monitoring across certificate environments. These risks from incomplete automation are turning operational pressure into financial and security exposure, with a projected economic impact of €213,262 for an organization based in the region.
This operational gap becomes even more relevant in the context of preparation for post-quantum cryptography. In the report, 79% of Spanish organizations acknowledge that they are not prepared to face these challenges, compared to 64% globally.
A path to centralizing identity security
According to the report, the identity risks of most concern to organizations globally, for the remainder of the year, are AI-powered identity threats (highlighted by 55% of respondents), followed by phishing, social engineering and credential theft (highlighted by 24% of respondents) and deepfakes, synthetic identities and impersonations (of concern to 22% of respondents).
The identity risks that organizations are most concerned about are AI-powered identity threats
Among CyberArk’s main recommendations to confront these threats and provide centralized identity security, the identification and centralized management of agents in SaaS, cloud and development environments stands out; applying the principle of least privilege by granting agents access only for the duration of a specific task, and monitoring and auditing their actions, along with eliminating tool silos and automating the identity lifecycle.
“The explosion of machine identities represents a fundamental shift in the enterprise attack surface, and as AI agents increasingly access sensitive data, security managers must move beyond manual processes. The path forward is clear: as machine and AI identities become the primary inhabitants of enterprises, organizations must move from fragmented, manual monitoring to a unified, automated approach to identity security,” said Albert Barnwell, Sales Director, Identity Security Platform. from Palo Alto Networks.
