TL;DR: Ransomware victims rose 53% year over year to more than 7,960 in 2025, while 46% of compromised systems with corporate logins were unmanaged devices and leaked secrets took 94 days on median to remediate, according to Check Point and Verizon. Continuous privileged access control, not project-based security, is now the resilience baseline.
NHIMG editorial — based on content published by Fudo Security: Why consistent application of security principles is the only path to true cyber resilience in 2026
By the numbers:
- The number of victims shamed on double-extorsion leak sites surged to over 7,960, a 53% year-over-year increase.
- Educational institutions faced an average of 4,352 attacks per organisation weekly, representing a 22% increase.
- Remediating a critical flaw takes a median of 32 days, and nearly half remain unpatched throughout the entire year.
Questions worth separating out
Q: How should security teams reduce the risk from dormant privileged accounts?
A: Security teams should inventory every privileged account, confirm a current owner and business need, and remove access that no longer serves an active process.
Q: Why do leaked secrets and unmanaged devices matter so much for resilience?
A: They matter because they let attackers use valid access instead of forcing a noisy exploit.
Q: What do organisations get wrong about cyber resilience programmes?
A: They often treat resilience as a separate initiative instead of a condition created by everyday identity controls.
Practitioner guidance
- Centralise privileged access enforcement Consolidate privileged access, session control, and audit logging so dormant entitlements cannot sit outside a governed workflow.
- Treat exposed secrets as active incidents Build a process that detects leaked API keys, tokens, and certificates, then revokes and replaces them before attackers can reuse them.
- Close the unmanaged device gap Identify corporate logins used from unmanaged endpoints and remove assumptions that BYOD or personal-device use is low risk.
What's in the full article
Fudo Security's full article covers the operational detail this post intentionally leaves for the source:
- The article expands the ransomware and attack-volume trends by sector and region, which is useful if you need the raw evidence behind the resilience argument.
- It walks through the specific compliance implications of NIS2 and DORA, including board responsibility, supplier oversight, and continuity requirements.
- It describes the operational framing of privileged access management in more detail, including session control, dormant account removal, and access policy enforcement.
- It includes the vendor's own product-context examples for how these controls are applied in practice across remote access and third-party access scenarios.
👉 Read Fudo Security’s analysis of cyber resilience, PAM, and continuous access control →
Privileged access and cyber resilience in 2026: what changes now?
Explore further
Continuous resilience is really continuous access governance. The article correctly rejects project-based security because cyber resilience fails when privileged access is treated as a static administrative problem. In identity terms, the real issue is not whether controls exist, but whether they are continuously enforced across humans, service accounts, and external access paths. That makes PAM, lifecycle governance, and recertification operational controls rather than periodic compliance artefacts. Practitioners should read this as a mandate to run access governance as a live discipline.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable when privileged access failures lead to an incident?
A: Accountability should sit with the owners of the access process, the security leadership that defines the control standard, and the board where regulation requires oversight. Under NIS2 and DORA, access governance is not just an operational issue. It is part of formal resilience accountability.
👉 Read our full editorial: Cyber resilience in 2026 depends on continuous privileged access control