The Verizon 2025 Data Breach Investigations Report (DBIR) reveals that third-party exposure and machine credential abuse are driving some of the most severe data breaches.

Third-party involvement in breaches doubled from 15% to 30% year-over-year, while attackers increasingly exploit ungoverned machine accounts to access systems, escalate privileges, and steal sensitive data. These trends underscore the need for organizations to extend robust identity governance beyond employees to include non-employee and machine identities.

Third-party relationships with vendors, contractors, and partners create efficiency but also expand identity ecosystems, often leaving ungoverned accounts vulnerable. The DBIR notes breaches across industries like healthcare, finance, and manufacturing due to poor lifecycle management, such as active contractor accounts with excessive privileges. Similarly, machine identities—service accounts, bots, APIs, and AI agents—are growing rapidly without oversight, fueling credential-based attacks and ransomware. The report emphasizes that traditional identity security tools, focused on humans, are ill-equipped for this scale.

To counter these threats, the DBIR advocates a unified identity security strategy that governs all identities—human, non-employee, and machine—with equal rigor. Fragmented approaches create exploitable gaps, and breaches tied to third-party and machine accounts are outpacing those involving employees. Solutions like SailPoint’s Atlas platform offer consolidated governance, enhancing visibility and security across complex enterprise environments. For deeper insights, SailPoint’s whitepaper “Who’s Watching the Machines?” and a three-part article series explore the evolving role of machine identities and the urgent need for modern governance models.