As organizations expand their digital ecosystems, identity has become a central axis of cybersecurity. A new study shows that while companies are investing heavily in Identity Attack Path Management (APM), many are still struggling to translate visibility into consistent risk reduction—especially as AI accelerates the growth of non-human identities.
The management of identity-related risks is moving to the forefront of enterprise cybersecurity. According to recent research by SpecterOps based on a global survey of more than 500 cybersecurity decision-makers, Identity Attack Path Management (APM) is transitioning from a niche capability to a core component of security strategy.
A key indicator of this shift is budget allocation. Three quarters of surveyed organizations report increased spending on identity security compared to the previous year. This rise outpaces investment in other security domains, suggesting that identity risk is no longer treated as a secondary concern but as a structural challenge requiring dedicated resources.
At the same time, visibility into attack paths has become a strategic priority. Nearly half of respondents identify the need to understand privilege relationships and potential attack chains as one of their top cybersecurity objectives. This focus reflects a broader recognition that modern attacks often exploit interconnected identities rather than isolated vulnerabilities.
Adoption of Identity APM tools is also accelerating. More than one third of organizations have already implemented solutions, while others are actively evaluating them. Automated discovery of attack paths is becoming more common, indicating a shift from theoretical awareness to practical application.
However, the research highlights a gap between adoption and operational maturity. While tools can provide visibility, they do not automatically ensure effective risk reduction. Many organizations report challenges in prioritizing remediation efforts, integrating tools into existing workflows, and maintaining continuous oversight of identity-related risks.
The growing use of artificial intelligence is intensifying these challenges. As companies deploy AI agents and automated workflows, the number of non-human identities—such as service accounts and machine credentials—is expanding rapidly. These identities often operate with elevated privileges and can introduce new attack vectors if not properly governed.
The complexity introduced by AI is not only technical but also organizational. Security teams must manage a larger and more dynamic network of trust relationships, where access rights can propagate across systems in unpredictable ways. This increases the importance of understanding how attack paths evolve over time.
In response, organizations are beginning to shift their focus from visibility to action. Risk-based prioritization is emerging as a central practice, with many teams using scoring models to determine which vulnerabilities to address first. Continuous monitoring is also gaining traction, replacing periodic assessments with ongoing evaluation cycles.
Despite this progress, operational gaps remain. Integration with existing security tools, automation of remediation processes, and availability of skilled personnel continue to limit effectiveness. These challenges indicate that Identity APM is not simply a technology deployment but a broader transformation involving processes, governance, and organizational alignment.
The study also shows that maturity varies across industries. Financial institutions tend to emphasize continuous evaluation and formalized processes, while healthcare organizations focus more on practical remediation guidance. Energy and utility sectors face distinct pressures related to scalability and system integration.
Overall, the findings suggest that identity security is entering a new phase. The initial focus on awareness and tool adoption is giving way to the more complex task of building sustainable operational practices. As AI continues to expand the identity landscape, organizations will need to strengthen their ability to manage interconnected risks in a dynamic environment.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de