Identity compromise is emerging as a key factor in cyber risk for Australian organisations, with security specialists and intermediaries linking credential-based attacks to higher incident volumes, operational disruption, and changing cyber insurance dynamics.
Brett Chase, director of sales engineering, APJ at Cohesity, said many cyber incidents in Australia can now be traced back to how organisations manage and secure identity. “Identity is at the core of today’s cyber threat landscape. Nine out of 10 cyberattacks now start with identity through compromised credentials or misused identities. In Australia, the rise of materially significant cyber incidents makes it clear that weak or inconsistent identity management practices remain a major but preventable root cause,” Chase said, as reported by SecurityBrief Australia.
Chase said many organisations still approach identity management through the lens of human users, role-based permissions, and application access, a model that no longer reflects how current environments operate. “Historically, identity management has been viewed through a narrow, human-centric lens, focused on employee access controls, enforcing role-based permissions, and ensuring workers have the right level of access to applications and data. But that view is now outdated,” he said.
According to Chase, attackers are relying on social engineering and credential misuse to establish an initial foothold. Techniques include phishing, password spraying, multi-factor authentication fatigue, and credential-stealing malware. “The reality is that this no longer reflects today’s digital environments. When identity controls are weak, attackers exploit the gaps using social engineering, credential theft, and technical exploits. Techniques such as phishing, password spraying, MFA fatigue, or credential-stealing malware allow attackers to gain an initial foothold. Once inside, they impersonate legitimate users, escalate privileges, and move laterally across networks, often undetected, to gain access to critical systems and data,” he said.
Chase also pointed to a rise in non-human identities as organisations deploy generative AI, automation, and emerging agentic systems. These machine-based identities – including scripts, workloads, and AI agents – can interact with data at speed and scale. “The rapid adoption of generative AI, automation, and emerging agentic systems has also increased the prevalence of non-human identities such as scripts, workloads, and AI agents that can access and act on data at speed. Without proper governance and controls, these non-human identities can become an unmonitored pathway for attackers,” he said.
Chase said identity-related compromises are affecting revenue, customer retention, and legal exposure in Australian enterprises. Citing Cohesity’s latest Cyber Resiliency Report, he said 85% of Australian enterprise businesses experienced a materially impactful cyberattack in the past year, with 90% reporting revenue loss and more than 30% losing over 10% of revenue. The research also found that 41% of organisations lost customers and more than half faced lawsuits or class-action litigation after cyber incidents.
Identity management is also intersecting with supply chain operations, according to Alan Win, founder and chief executive officer at Middlebank Consulting Group. “Identity management is playing a bigger role in supply chains, though many organisations still treat it as a compliance checkbox. In practice, unclear access or limited visibility can create knock-on effects across partners and processes. Companies that use identity management day to day often notice practical improvements. Onboarding runs smoother, errors are caught earlier, and oversight becomes more tangible. Digital credentials and traceable interactions help, but they are only part of the story. Human judgment and constant attention remain critical. When identity management is treated as both a safeguard and an operational tool, supply chains become easier to manage and less prone to unexpected disruption,” Win said, as reported by SecurityBrief Australia.
Recent reporting from the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) indicates that identity-related crime and credential misuse remain central in the local threat picture. In FY2024-25, ASD’s ACSC answered more than 42,500 calls to the Australian Cyber Security Hotline, a 16% year-on-year increase, and responded to over 1,200 cyber security incidents, up 11% from the previous period. The centre issued more than 1,700 notifications of potentially malicious activity to entities, an 83% rise.
Identity fraud was the leading reported cybercrime category and increased by 8%. Cybercriminals continued to obtain and trade stolen usernames and passwords to access email, social media, and financial accounts. State-sponsored actors, cybercriminals, and other groups also targeted government, critical infrastructure, and business networks, with critical infrastructure entities receiving more than 190 notifications of potential malicious activity, up 111% on the prior year.
Average self-reported losses grew for individuals and organisations, with average costs for businesses rising 50% to $80,850 per report. Denial-of-service and distributed denial-of-service incidents increased, and ransomware featured in about 11% of incidents to which ASD responded. ASD reported that broader use of artificial intelligence is likely to support larger-scale and quicker attacks, while malicious actors continue to exploit vulnerabilities in internet-facing systems and use “living off the land” techniques that resemble legitimate activity.
In this environment, Gallagher’s Cyber Insurance Market Outlook Q1-2026 for Australia notes continuing demand for cyber cover as organisations adjust to threat trends and regulatory developments. Globally, the broker estimates that the cyber insurance market, valued at US$16 billion to US$20 billion in 2025, could grow to US$30 billion to US$50 billion by 2030. Asia-Pacific, including Australia, is expected to record higher growth than some other regions due to rapid digitisation, regulatory changes, and lower historic take-up.
In Australia, Gallagher describes current conditions as supporting buyers, with competitive pricing and generally modest premium reductions, although results vary by sector and risk profile. Industries such as healthcare are seeing more constrained capacity, reflecting their claims experience. “The Australian cyber insurance market continues to evolve, reflecting the dynamic cyberthreat landscape and advancements in technology. While buyer-friendly conditions persist with slight premium reductions expected, outcomes remain highly dependent on the security controls, governance, and cyber strategies implemented by organisations,” said Robyn Adcock, national placement manager, cyber and technology at Gallagher.
Insurers are using external vulnerability scanning and targeted questions to assess controls, with particular attention to identity governance, multi-factor authentication, incident response capabilities, and board oversight. Coverage terms remain broadly consistent, though some carriers maintain restrictions around system failure, supply chain interruption, and certain privacy risks. “Cyber insurance provides balance sheet protection; however, to fully optimise the value, preventative risk management services and incident response planning/testing are critical,” said Klaus Lejon, Australia national lead cyber and technology, professional and financial risks at Gallagher. The interaction of identity compromise, AI-enabled social engineering, supply chain exposure, and increasing loss severity is elevating identity controls as a focal point in both underwriting assessments and insureds’ cyber risk programs.
