Identity is now the number one cyber-attack vector

New PwC study shows how the way hackers get into organisations has changed

1 April 2026, Diegem – If attackers want to get into organisations, identity breaches are now the number one entry point. Across PwC incident response engagements in 2025, identity compromise and ransomware were among the most consistently cited client concerns. In its annual Threat Dynamics report, PwC offers critical insights into the cyber threat landscape, based on analysis of PwC’s incident response, managed security and security consulting services globally. The analysis shows how AI is becoming a key enabler, empowering threat operations and amplifying adversary capabilities across the attack chain.

In 2025, identity-centric intrusions increased as adversaries exploited trusted authentication processes. These techniques, though not new, expanded in scale, sophistication, and speed. Threat actors preferred using social engineering, cloud compromise, and weaponising trust relationships to infiltrate enterprise environments, focusing on maximum return with minimal friction for threat actors.

The economics are simple: a single compromised account can unlock an organisation’s most critical systems and data, delivering maximum return with minimal friction for threat actors that are persistent and patient. Identity has become a widening attack surface for attackers to exploit, and represents the least margin for error for organisations, with 18% of executives reporting identity and access management as being a ‘top three’ priority when allocating their organisations’ cyber budgets. ​

Generative AI (GenAI) has amplified this trajectory, powering more realistic phishing operations, hyper-realistic voice and image impersonation, and more convincing IT service desk manipulation. One compromised identity, whether it be human or machine, can quickly escalate to the widespread access needed to compromise an entire environment. ​

Throughout 2026, PwC expects these identity-first tactics to accelerate and sharpen. As organisations adopt more advanced controls, including zero trust architectures, adversaries will iterate their techniques for evasion and impersonation, such as by spoofing device posture and employing multistage, identity-based attacks.

Cedric Guisson, Senior Manager Digital Identity at PwC Belgium “Key initiatives that are essential to defending against this threat include deploying phishing-resistant MFA for all users, threat modelling and hardening IT help desk processes, strengthening remote identity verification methods, and establishing identity threat detection and response capabilities. In a landscape where attackers are exploiting identity’s central role, organisations will also need to tighten identity governance with race-level discipline to maintain the advantage.”

The cybercrime ecosystem

The commoditised cybercrime machine is an engine running hotter than ever and is increasingly modular. It thrives on speed, automation and a growing ‘Cybercrime-as-a-Service’ marketplace of tooling and capabilities. Across threat actor motivations, over 25% of executives reported their most damaging data breach in the past three years cost their organisation at least US$1 million. For security leaders calibrating their strategies to defend against breaches, financially motivated threat actors remain top of mind. ​

The ransomware threat landscape has escalated in both scale and complexity. The ecosystem became increasingly fragmented, with dozens of active Ransomware-as-a-Service (RaaS) programmes. In 2025, PwC identified 7,635 ransomware leak site victims recorded by 135 threat actors, surpassing the 4,837 victims recorded by 92 threat actors in 2024.

Bart De Win, Director Cyber at PwC Belgium says: “Defenders should expect broader and faster financially motivated attacks over the course of 2026, alongside a diversification in ransomware tactics and a shift towards stealthier credential theft methods, including custom ‘stealers’ and their distribution through more private, less visible channels. The advantage belongs to organisations that treat intelligence as telemetry, continuously tune their defences, and prepare for both ransomware and data-only extortion campaigns, across on-premise and cloud environments alike.

PwC’s assessment is that continued AI adoption by adversaries is highly likely to fuel a sustained increase in the volume and sophistication of threats originating from a much wider pool of threat actors, already reflected in the expanding cybercrime ecosystem. Furthermore, we anticipate future malware development will be AI-assisted and natively incorporate AI.

About PwC

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 364,000 people in 136 countries and 137 territories. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com. ​

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

© 2026 PwC. All rights reserved. ​

 

 

Share

Latest stories

Website preview
"The challenges are clear, the ambition is there but the path isn't, yet"
30 March 2026, Diegem - Belgian HR leaders are keenly aware of the seismic workforce shifts ahead. A new survey with Belgian HR decision makers conducted by PwC Belgium still finds critical gaps in data capability, change management, regulatory readiness, and strategic positioning are leaving organisations exposed at a time when speed of reinvention is everything. PwC Belgium’s CHRO Survey reveals a workforce transformation paradox. The will is there, but the wiring isn't. HR leaders aren't short on ambition. “The real challenge is closing the gaps and turning that ambition into results. Whether it's upgrading systems, building new skills, rethinking reward, ensuring legal compliance, or earning a stronger voice at the strategy table. The gap between what HR wants to do and what it actually delivers is where the story gets interesting”, says Axel Smits, Workforce Services Leader at PwC Belgium.
press.pwc.be
Website preview
Students get chance to test their AI skills
PwC runs AI escape game sessions in campus cities
press.pwc.be
Website preview
AI investments and an explosion of megadeals are creating a K-shaped M&A market
Diegem, 29 January 2026 - Momentum heading into 2026 suggests that global M&A is entering a new phase, shaped less by cyclical recovery and more by structural change. In its latest Global M&A Industry Trends - Outlook 2026, PwC reports a resurgence of megadeals, combined with accelerating investment in AI and enabling infrastructure, driving higher deal values even as volumes remain muted. “This divergence highlights the emergence of a K-shaped M&A market, where activity is increasingly concentrated among large, well-capitalised buyers and select markets and sectors,” says Veronique Gilles, Partner PwC Belgium.
press.pwc.be

Get updates in your mailbox

By clicking "Subscribe" I confirm I have read and agree to the Privacy Policy.

About PwC Belgium

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 364,000 people in 137 countries. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. 

© 2025 PwC. All rights reserved. 

Contact

Culliganlaan 5 1831 Diegem

+32 (0)2 710 42 11

www.pwc.be