The gap between ransomware threats and the defenses in place to counter them is widening, according to Ivanti’s 2026 State of Cybersecurity Report. The report indicates that the gap in preparedness has widened by an average of 10 points each year across all threat categories being monitored. Ransomware is highlighted as a significant concern, with 63% of security professionals viewing it as a high or critical threat. However, only 30% feel adequately prepared to defend against it, resulting in a 33-point gap that has increased from previous years.
CyberArk’s 2025 Identity Security Landscape report reveals that there are 82 machine identities for every human in organizations worldwide, and 42% of these machine identities have privileged or sensitive access.
Despite the presence of authoritative playbook frameworks like Gartner’s ransomware preparation guidance, there are critical blind spots in addressing machine identities. The playbook fails to include essential steps for resetting compromised service accounts, API keys, tokens, and certificates. This oversight leaves organizations vulnerable to ransomware attacks that exploit these machine identities.
The readiness deficit extends beyond individual surveys, as highlighted in Ivanti’s report, which shows a widening gap in preparedness for various threats, including ransomware, phishing, software vulnerabilities, API-related vulnerabilities, and supply chain attacks. This deficit poses a significant challenge for organizations in effectively safeguarding their data, people, and networks against evolving threats.
CrowdStrike’s 2025 State of Ransomware Survey further underscores the impact of this deficit across industries, with many organizations struggling to recover quickly and experiencing operational disruptions following ransomware attacks. The survey also reveals that a significant portion of organizations fail to address the specific issues that allowed attackers to gain entry, opting for general security improvements instead.
Playbooks fall short on machine identities in several key areas, starting with containment procedures that do not consider machine credentials. Credential resets are often inadequate for addressing compromised service accounts, API keys, and tokens. Additionally, organizations typically do not conduct an inventory of machine identities before an incident, leading to delays in response and containment efforts.
Network isolation measures often fail to revoke trust chains associated with machine identities, leaving organizations vulnerable to lateral movement by attackers. Detection logic is not tailored to identify anomalous machine identity behavior, and stale service accounts remain a prevalent entry point for attacks.
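The inventory and containment gaps described above can be made concrete with a small sketch. This is an added example, not taken from any of the cited reports; the record fields, identity and host names, and the 90-day staleness threshold are all assumptions, and the inventory is constructed sample data.

```python
from datetime import date

# Constructed inventory (hypothetical names). A real one would be exported
# from the directory, secrets manager, cloud IAM and certificate store.
INVENTORY = [
    {"id": "svc-backup", "kind": "service_account", "privileged": True,
     "hosts": ["fs01", "bk01"], "last_used": date(2025, 12, 30), "owner": "infra"},
    {"id": "svc-legacy-etl", "kind": "service_account", "privileged": True,
     "hosts": ["db02"], "last_used": date(2024, 3, 1), "owner": None},
    {"id": "key-billing-api", "kind": "api_key", "privileged": False,
     "hosts": ["app03"], "last_used": date(2026, 1, 4), "owner": "payments"},
    {"id": "tok-ci-deploy", "kind": "token", "privileged": True,
     "hosts": ["ci01", "fs01"], "last_used": date(2026, 1, 5), "owner": "platform"},
    {"id": "cert-fs01-mtls", "kind": "certificate", "privileged": False,
     "hosts": ["fs01"], "last_used": date(2026, 1, 5), "owner": "infra"},
]
SAMPLE_TODAY = date(2026, 1, 6)   # constructed "now" for the sample data
STALE_AFTER_DAYS = 90             # assumed threshold, tune per environment

def stale_identities(inventory, today, max_age=STALE_AFTER_DAYS):
    """Pre-incident hygiene: long-unused or ownerless identities to disable."""
    return sorted(r["id"] for r in inventory
                  if (today - r["last_used"]).days > max_age or r["owner"] is None)

def containment_plan(inventory, compromised_hosts):
    """Machine credentials to revoke or rotate when hosts are isolated, with
    the other hosts that still trust each credential (its blast radius)."""
    hit = set(compromised_hosts)
    plan = []
    for r in inventory:
        if not hit & set(r["hosts"]):
            continue  # credential never lived on an affected host
        plan.append({"id": r["id"], "kind": r["kind"],
                     "privileged": r["privileged"],
                     "also_trusted_on": sorted(set(r["hosts"]) - hit)})
    # Privileged first, then credentials that reach beyond the isolated hosts.
    plan.sort(key=lambda p: (not p["privileged"], not p["also_trusted_on"], p["id"]))
    return plan

if __name__ == "__main__":
    print("stale:", stale_identities(INVENTORY, SAMPLE_TODAY))
    for step in containment_plan(INVENTORY, ["fs01"]):
        print(step)
```

Isolating `fs01` at the network level leaves `svc-backup` and `tok-ci-deploy` valid on `bk01` and `ci01`, which is the trust-chain gap the `also_trusted_on` field surfaces.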
The urgency to address these shortcomings is further emphasized by the increasing adoption of agentic AI in cybersecurity. Organizations must enhance their machine identity governance to mitigate the escalating threat landscape effectively.
In conclusion, security leaders must prioritize the inclusion of machine identity inventory, detection rules, and containment procedures in their playbooks to bridge the gap in preparedness and effectively combat ransomware threats. By proactively addressing these issues, organizations can not only mitigate current vulnerabilities but also prepare for the governance challenges posed by autonomous machine identities in the future.
