Download: 2026 SANS Identity Threats & Defenses Survey

Help Net Security, Mar 31, 2026

Why It Matters

Identity compromises remain a top security risk, and rising MFA fatigue undermines a core defense layer, forcing enterprises to rethink authentication strategies.

Key Takeaways

  • 55% of organizations faced identity breaches last year
  • 26% cite MFA fatigue as attack factor
  • Attackers leverage stolen valid credentials
  • Detection and containment remain weak points
  • Survey highlights need for stronger authentication hygiene

Pulse Analysis

Identity security continues to dominate cyber‑risk discussions, and the 2026 SANS survey underscores why. Over half of surveyed enterprises reported at least one identity‑related compromise, a figure that eclipses previous years and signals that attackers are mastering credential‑based tactics. By focusing on the human element—particularly the fatigue caused by frequent MFA prompts—malicious actors are finding new ways to bypass traditional safeguards. This trend forces security leaders to balance user convenience with robust verification methods.

MFA fatigue emerged as a critical vulnerability, with 26% of respondents acknowledging it as a factor in successful attacks. Continuous push notifications, SMS codes, and biometric prompts wear down users, leading to complacency or outright acceptance of suspicious requests. Threat actors exploit this fatigue by timing phishing attempts to coincide with expected MFA prompts, effectively turning a security control into an attack vector. Organizations must therefore refine their MFA policies, employing risk‑based authentication, adaptive challenges, and user education to mitigate fatigue‑driven lapses.

The survey also highlights gaps in detection and response capabilities. Many firms struggle to identify compromised credentials promptly, allowing attackers to move laterally and exfiltrate data. Investing in behavior‑analytics platforms, continuous monitoring, and automated response playbooks can close these gaps. As identity attacks evolve, a layered approach—combining strong credential hygiene, intelligent MFA, and rapid threat hunting—will be essential for protecting enterprise assets in 2026 and beyond.
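One way to turn the MFA-fatigue and detection points above into a monitoring rule, as an added example that is not part of the survey or the original article: flag any push approval that follows a burst of denied or timed-out prompts for the same user. The event format, the 10-minute window and the threshold of three rejected prompts are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the survey): time, user, MFA push result.
SAMPLE_EVENTS = [
    ("2026-03-30T02:10:05", "alice", "denied"),
    ("2026-03-30T02:10:40", "alice", "timeout"),
    ("2026-03-30T02:11:15", "alice", "denied"),
    ("2026-03-30T02:12:02", "alice", "timeout"),
    ("2026-03-30T02:12:50", "alice", "approved"),  # approval after a burst
    ("2026-03-30T09:00:00", "bob", "approved"),    # ordinary login
    ("2026-03-30T09:30:00", "carol", "denied"),
    ("2026-03-30T13:45:00", "carol", "approved"),  # hours apart, not a burst
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_REJECTED = 3                # assumed number of rejected prompts that counts as a burst


def detect_push_fatigue(events, window=WINDOW, min_rejected=MIN_REJECTED):
    """Return one alert per approval that follows a burst of rejected prompts."""
    recent = defaultdict(deque)  # user -> timestamps of recent denied/timeout prompts
    alerts = []
    for ts_text, user, result in sorted(events):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_text)
        rejected = recent[user]
        # Drop rejected prompts that fell out of the look-back window.
        while rejected and ts - rejected[0] > window:
            rejected.popleft()
        if result in ("denied", "timeout"):
            rejected.append(ts)
        elif result == "approved":
            if len(rejected) >= min_rejected:
                alerts.append({
                    "user": user,
                    "approved_at": ts_text,
                    "rejected_prompts": len(rejected),
                    "burst_started": rejected[0].isoformat(),
                })
            rejected.clear()  # an approval ends the current burst
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert from this rule is a natural trigger for the automated response playbooks mentioned above, such as revoking the session and requiring re-enrollment of the authenticator.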
