CyberArk CYBR Unit: what it means for identity security leaders


(@nhi-mgmt-group)

TL;DR: Identity programmes now need governance, research, and response capabilities that can support leadership decisions, not just day-to-day operations, according to CyberArk. CyberArk’s CYBR Unit is positioned as an executive-facing identity security advisory function that combines threat research, adversary simulation, and incident response to help CIOs and CISOs align security strategy with business priorities.

NHIMG editorial — based on content published by CyberArk: CYBR Unit and strategic identity security for enterprise leaders

By the numbers:

Questions worth separating out

Q: How should security leaders structure identity governance for both humans and non-human identities?

A: Security leaders should run identity governance as one programme with distinct operating models for humans, NHIs, and autonomous systems.

Q: Why do executive-facing identity programmes matter for NHI security?

A: Executive-facing identity programmes matter because NHI risk is usually distributed across IAM, PAM, cloud, and application teams.

Q: What should organisations test in identity-focused adversary simulations?

A: Organisations should test whether a compromised identity can move from initial access to broader privilege before detection.

Practitioner guidance

  • Create an executive identity risk agenda: Define the identity risks that must be visible at CIO and CISO level, including NHI exposure, lifecycle failures, and response readiness.
  • Use adversary simulation to test identity assumptions: Run simulation scenarios that start with compromised secrets, over-privileged service accounts, or third-party access paths, then measure how far access can spread before containment.
  • Connect incident response to entitlement redesign: After identity-related incidents, update access boundaries, review offboarding steps, and reset privilege assumptions so the same compromise path does not remain available.

What's in the full article

CyberArk's full page covers the leadership-facing operating model this post intentionally leaves at the strategic level:

  • How CYBR Unit positions executive consultation, research, and incident response across the identity security programme
  • The types of leadership support CyberArk says it offers for roadmap planning and advisory work
  • The research and thought-leadership resources linked from the page for CIO and CISO audiences
  • The contact and engagement paths for organisations evaluating executive identity security support

👉 Read CyberArk's overview of CYBR Unit for identity security leaders →

(@mr-nhi)

Executive identity security has become a governance function, not just an operations function. CYBR Unit reflects a broader shift in which senior leaders need identity decisions tied directly to threat research, incident learnings, and business strategy. That matters because identity controls only work at scale when executives can reconcile risk, funding, and operating ownership. The practical conclusion is that identity security has to be run as a board-relevant programme, not a back-office control set.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: How do identity incidents change governance priorities?

A: Identity incidents should change governance priorities by showing which assumptions failed in practice. If compromise came through stale access, excessive privilege, or hidden delegation, those conditions should be redesigned, not merely documented. The strongest programmes turn incident review into entitlement reduction, lifecycle fixes, and clearer ownership across the access stack.

👉 Read our full editorial: CyberArk CYBR Unit reframes identity security for executives



   