Almost all (99%) of Australian organisations have integrated or plan to integrate AI models or AI agents into their identity infrastructure, according to a report from Rubrik.
Meanwhile, 98% of local security leaders report identity-driven attacks as their top concern — the highest globally.
The report findings are particularly concerning because AI agents, if compromised, grant threat actors direct access to sensitive systems and data, increasing the scale and speed of potential attacks.
Therefore, organisations must prioritise securing AI agent identities and access controls to prevent devastating breaches.
The study was conducted by Wakefield Research, covering 1,625 IT security decision-makers at companies of 500 or more employees.
The research was conducted in 10 markets (United States, United Kingdom, France, Germany, Italy, Netherlands, Japan, Australia, Singapore and India). Data were gathered September 18-29, 2025, using an email invitation and an online survey.
“AI agents are a force multiplier – the only question is whether that force is positive or negative,” said Kavitha Mariappan, CTO at Rubrik.
“When compromised and used maliciously, AI agents can cause 10 times the damage in one-tenth of the time,” she said. “We’ve already seen the impact compromised human identities can have, and it’s clear agentic identities are the next frontier.”
One of the most notable findings in this year’s report was that Australian organisations experienced the highest proportion of ransomware attacks globally (35%).
One reason for the high rate of ransomware attacks in the country appears to be that local organisations continue to pay their attackers.
Of Australian organisations that experienced a ransomware attack in the past 12 months, 95% reported paying a ransom to recover data or halt the attack, ranking second only to Singapore at 97%.
“The figures in this report underline a sobering reality – ransomware remains one of Australia’s most persistent and costly cyber threats. Traditional defences clearly aren’t enough,” said David Rajkovic, VP of Rubrik ANZ. “It is critical for Australian organisations to adopt a proactive security posture, one that prioritises rapid recovery, because paying ransoms only fuels the criminal ecosystem.”
Despite nearly all Australian ransomware victims paying their attackers, the report finds that not a single Australian organisation was able to recover and resume normal operations in less than an hour. Almost a quarter (23%) took more than 24 hours to recover.
No Australian organisation believes they could recover full service operations in under 12 hours, and 34% believe it would take at least a week to do so.
More than three quarters (78%) of Australian organisations believe it would take them more than 24 hours to recover identity infrastructure after a compromise.
Australian organisations are, however, looking to implement better resilience measures, with 92% planning to hire professionals specifically to manage or improve digital identity management.
Australian respondents also widely reported shifting toward using more cloud and SaaS-based services than any other nation (88%).
“The report highlights a nation that understands the threats and is keen to forge ahead with innovation, but unfortunately our nation lacks investment into appropriate security controls,” said Rajkovic.
“To prevent innovation from outpacing risk management as organisations adopt AI, mechanisms to monitor and audit agentic actions, enforce real-time guardrails for agentic changes, fine-tune agents for accuracy and, finally, undo agent mistakes will be critical,” he said.














