Identity-Based Cyberattacks Surge Among German Companies in 2025, Raising Financial and Security Concerns

A recent report by Sophos titled "State of Identity Security 2026" reveals alarming trends in cybersecurity risks faced by German companies, with 62% experiencing at least one identity-related security incident in 2025. Globally, 71% of companies were affected, averaging three incidents per organization, and 5% reporting six or more breaches. Identity theft has emerged as the dominant attack vector, closely linked to 67% of ransomware cases, making it the most critical security challenge for enterprises today.

These incidents carry severe financial repercussions, with average recovery costs soaring to $1.64 million and 73% of victims incurring expenses exceeding $250,000. Key consequences include data theft (49%) and ransomware attacks (48%). The report highlights significant transparency gaps, noting that only 24% of companies continuously monitor unusual login attempts, while 14% couldn't detect their most severe identity-based attack until after damage occurred.

Critical sectors such as energy, oil and gas, and utilities reported an 80% breach rate, underscoring vulnerabilities in vital infrastructure. Moreover, companies struggling with regulatory compliance faced even higher breach rates of 82.4%. Human error accounted for 43% of attacks, complemented by poor management of non-human identities contributing to 41%. Sophos CISO Ross McKerchar emphasized that the growing permissions granted to non-human identities outpace security teams’ ability to track them, aggravating risk.

The report recommends implementing multi-factor authentication, enforcing the least-privilege principle, and robustly managing non-human identities to mitigate identity theft risks. The findings are based on a survey of 5,000 IT and cybersecurity professionals across 17 countries, providing crucial insight for German companies confronting evolving cyber threats.

This data shines a stark light on the urgency for improved identity security measures in Germany, where even high-value companies remain vulnerable to sophisticated identity-centric cyberattacks.