New research from Rubrik Zero Labs shows that organisations in Singapore are facing a widening gap between the rapid growth of identity-based threats and their ability to recover from compromises. The increasing use of AI agents across business functions has led to a sharp rise in non-human identities and agentic identities, creating new risks for CIOs and CISOs.
The report, Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats, notes that enterprises are taking clearer steps to strengthen identity resilience as AI adoption accelerates. Security leaders warn that even advanced tools cannot prevent the impact of a socially engineered breach if attackers gain access to administrative credentials. Andrew Albrech, Chief Information Security Officer at Dominos, said identity resilience is now essential, adding, “I could have unlimited amounts of technology in place. But if someone socially engineers our support desk to hand over admin passwords, that’s the end of the game.”
Singapore organisations are already reacting to these pressures. According to the study, 90% plan to hire dedicated professionals within the next 12 months to improve identity management and security. A further 94% intend to change their Identity and Access Management provider, with 58% citing security concerns as the main reason. Rubrik notes that the rising reliance on AI tools has raised the stakes for businesses that must manage access rights for both human and machine identities.
Rubrik’s Vice President for APAC, Ananth Nag, said traditional security boundaries are no longer sufficient. He explained that “since a single compromised credential can breach an organisation’s most critical data, traditional security boundaries are no longer enough,” adding that markets like Singapore, where innovation moves quickly, need stronger approaches to identity resilience using real-time intelligence.
AI agents intensify identity security challenges
The adoption of AI agents is reshaping the identity landscape, with non-human identities far outnumbering human users. Industry figures referenced in the report suggest that NHIs now exceed human identities by 82 to 1. As companies embed AI agents deeper into workflows, securing these identities becomes as important as securing those of employees.
Rubrik’s findings show that 92% of respondents in Singapore have already integrated AI agents into their identity infrastructure, either fully or partially. Another 7% plan to do so soon. At the same time, nearly half of Singapore IT security decision makers expect that 50% or more of the cyberattacks they face in the next year will involve agentic AI. This shift reflects both the growing reliance on automated systems and the speed at which attackers are exploiting new tools.
Declining confidence in recovery strategies
While identity threats are increasing, confidence in recovery capabilities is weakening. Only 20% of Singapore respondents believe they could fully recover from a cyber incident in 12 hours or less in 2025. This marks a significant drop from 52% in 2024. Most organisations now expect recovery to take much longer, with 64% believing full-service operations would require at least two days after an identity-led compromise.
Financial impact remains another concern. Among those hit by ransomware in the past year, 97% reported paying a ransom either to restore data or halt an ongoing attack. The report emphasises that IAM tools alone are no longer enough to address these risks. CIOs and CISOs are encouraged to develop full identity resilience strategies that focus on preparation for inevitable attacks, rather than relying solely on preventive measures.
The Rubrik Zero Labs findings reflect a broader industry shift as enterprises reassess the balance between security, AI-driven automation and recovery capabilities. Identity resilience, rather than identity management alone, is emerging as a priority as the volume of machine-led activity grows across corporate environments.
