Majority of Cyber Incidents Driven by Identity Compromise, New Report Reveals

Field Effect's 2026 Cyber Threat Outlook



On March 10, 2026, Field Effect, a global leader in cybersecurity, unveiled its 2026 Cyber Threat Outlook. The report indicates a significant shift in cybercriminal strategies, revealing that more than 80% of cyber incidents investigated in 2025 were linked to compromised cloud identities. This statistic underlines the growing prevalence of identity-based attacks, which are becoming the preferred method of entry for cyber adversaries.

Identity Compromise as a Dominant Threat


According to Field Effect’s telemetry data and frontline investigations, cyber attackers are leveraging trusted identities instead of traditional vulnerabilities to infiltrate corporate networks. Earl Fischl, Director of Security Services at Field Effect, highlighted that many breaches occurred without exploiting any security flaws; instead, attackers simply logged in using legitimate credentials. By gaining access to trusted accounts, attackers can easily blend into the regular activities of the organization, making detection significantly more challenging.

The implications of these findings are vast, suggesting that organizations need to reassess their security protocols surrounding identity management. It’s evident that identity has emerged as a critical attack surface that requires immediate attention and enhanced protective measures.

Exploitation of Trusted Platforms


The report elaborates on how cybercriminals are increasingly abusing legitimate collaboration tools. Commonly used platforms, such as Microsoft Teams and Zoom, have become prime targets for attackers aiming to deliver malware or gain unauthorized access. Field Effect noted one campaign where threat actors masqueraded as internal IT support, creating fraudulent Microsoft 365 tenants to execute strategic phishing attacks. This approach not only deceived employees into providing remote access but also enabled attackers to deploy malware seamlessly using PowerShell tools.

Such incidents typically led to serious outcomes, including credential harvesting and deployment of ransomware, underscoring the dire risks associated with the misuse of collaborative platforms in corporate settings.

The Role of AI in Modern Attacks


Another critical insight from the report is the role of generative AI in the evolution of cyber threats. Cybercriminals have begun utilizing AI to develop more sophisticated phishing schemes and automate the reconnaissance process. Fischl remarked that while AI did not necessarily introduce new attack vectors, it significantly accelerated the existing techniques, making them easier to scale and execute.

The integration of AI into the toolkit of cyber adversaries signifies a need for organizations to stay ahead of this technology to mitigate its impacts on their security landscape.

Edge Infrastructure Under Siege


Besides identity theft, Field Effect’s report highlights ongoing assaults targeting edge infrastructure such as VPNs, routers, and other internet-facing systems. One extended campaign exploited vulnerabilities in SonicWall SSL VPN appliances, demonstrating how previously exposed credentials could be reused to breach high-privilege systems effectively. The attackers displayed a pattern of combining credential reuse, delayed security patching, and the exploitation of exposed edge systems to sidestep conventional defenses.

Geopolitical Impacts on Cyber Threats


Moreover, the report emphasizes that geopolitical tensions have continued to shape the cyber threat landscape. It noted an increase in espionage and access operations by state-aligned actors, whose tactics greatly overlap with those used by ransomware groups and hacktivists. This convergence has led to a complex web of motives that fuel various cyber-attacks, affecting critical infrastructure and public sector organizations alike.

Actionable Insights for Organizations


Fischl concluded with a pivotal note on what organizations can do to counter these growing threats. While businesses may not be able to control the attackers' motives or capabilities, they can mitigate risks by enhancing identity security, improving visibility throughout their networks, and addressing vulnerabilities in their infrastructure.

The 2026 Cyber Threat Outlook by Field Effect serves as a crucial guide for organizations aiming to navigate the increasingly complex cyber threat landscape. With a focus on identity security and AI, businesses can better position themselves against potential breaches and maintain resilience in the face of rising cyber risks.

For those interested in diving deeper into these findings, the full report is available through Field Effect’s website.
