- SailPoint report shows UK firms neglect identity security
- 77% fail to deactivate ex-employee accounts, fueling credential abuse
- Outdated manual processes leave thousands of users and AI agents unmanaged
Businesses in the UK are putting themselves at plenty of risk, thanks to poor cyber-hygiene and not paying enough attention to identity and access management. This is according to a new report from SailPoint, based on a survey of 333 IT decision makers from large organizations in the country.
The survey found that the vast majority of businesses (77%) do not immediately deactivate digital accounts for people who leave the organization. This creates a security gap that can be abused not just by former employees (who can steal sensitive files and transfer them to a different company), but also by cybercriminals, since these accounts are unmonitored and thus practically invisible.
SailPoint says the problem is even worse than it seems, since a fifth (21%) of the entire UK workforce swapped jobs last year. It also said that incidents stemming from compromised credentials surged by 160% year-on-year, showing just how great the risk really is.
Broad access and swelling accounts
But the problems don’t start when employees leave. They start a lot earlier, research has shown, since more than a third (34%) of surveyed businesses admitted to knowingly granting broader access to users.
At the same time, the number of user access points organizations manage on a daily basis is swelling. Besides new employees going in and out, there are also contractors, partners, and suppliers that the businesses need to monitor. Also, in more recent times, the emergence of automation and agentic AI further complicates things.
On average, organisations have nearly 3,000 (2,754) new users in systems each month. More than a quarter (26%) are onboarding up to 250 new employees every month, while a tenth (12%) are adding as many as 10,000 AI agents and machine identities at the same time.
Finally, the security processes in place today are severely outdated, SailPoint says. More than a third (28%) still rely on spreadsheets and paperwork to validate employee accounts and responsibilities, and a fifth of AI agents (21%) are still being managed manually.
