Gartner’s ransomware preparation guidance, considered the most authoritative playbook framework, has a blind spot: it…

The gap between ransomware threats and defenses is widening: Ivanti’s 2026 State of Cybersecurity Report found a 10-point average increase in the preparedness gap across every threat category. Ransomware is rated a high or critical threat by 63% of security professionals, but only 30% feel very prepared to defend against it, a 33-point gap.

The issue is further complicated by the lack of attention to machine credentials in ransomware playbooks. CyberArk’s 2025 Identity Security Landscape report found 82 machine identities for every human in organizations worldwide, with 42% having privileged or sensitive access. However, Gartner’s ransomware preparation guidance and playbook framework fail to address machine identities, including service accounts, API keys, tokens, and certificates. Organizations that follow the framework inherit this blind spot, leaving them vulnerable to attacks. The Gartner research note warns that poor identity and access management practices are a primary starting point for ransomware attacks, and that compromised credentials are being used to gain access.

The readiness deficit is not limited to ransomware: Ivanti’s report found that the preparedness gap widened across every major threat category, including phishing, software vulnerabilities, and supply chain attacks. CrowdStrike’s 2025 State of Ransomware Survey found that only 38% of organizations that suffered a ransomware attack fixed the specific issue that allowed attackers in, and 54% of organizations said they would or probably would pay if hit by ransomware today, despite FBI guidance against payment. The lack of machine identity playbooks and procedures is a significant contributor to this deficit: five containment steps define most ransomware response procedures today, and machine identities are missing from every one of them.

The consequences of not addressing machine identities are severe, with Gartner estimating total recovery costs at 10 times the ransom itself, and CrowdStrike putting the average ransomware downtime cost at $1.7 million per incident. The use of OpenAI and other AI technologies is expected to multiply the problem, with 87% of security professionals saying integrating agentic AI is a priority, but only 55% using formal guardrails. Security leaders who build machine identity inventory, detection rules, and containment procedures into their playbooks now will be better positioned to govern the autonomous identities arriving next and close the gap that attackers are exploiting today.

Organizations that do not take steps to address machine identities are likely to face increased risk of ransomware attacks and significant financial losses. The use of Nvidia and other technologies to support AI-powered threat detection and response will be critical in addressing this issue, but it will require a fundamental shift in how organizations approach cybersecurity and machine identity management. The test of whether organizations are prepared will come in the form of tabletop exercises and real-world incidents. Those that are not prepared will face significant consequences, including damage to their reputation and financial losses, and may even be vulnerable to attacks from Ring and other IoT devices.
