Identity is now the number one cyber-attack vector

New PwC study shows how the way hackers get into organisations has changed

1 April 2026, Diegem – If attackers want to get into organisations, identity breaches are now the number one entry point. Across PwC incident response engagements in 2025, identity compromise and ransomware were among the most consistently cited client concerns. In its annual Threat Dynamics report, PwC offers critical insights into the cyber threat landscape, based on analysis of PwC’s incident response, managed security and security consulting services globally. The analysis shows how AI is becoming a key enabler, empowering threat operations and amplifying adversary capabilities across the attack chain.

In 2025, identity-centric intrusions increased as adversaries exploited trusted authentication processes. These techniques, though not new, expanded in scale, sophistication, and speed. Threat actors preferred using social engineering, cloud compromise, and weaponising trust relationships to infiltrate enterprise environments, focusing on maximum return with minimal friction for threat actors.

The economics are simple: a single compromised account can unlock an organisation’s most critical systems and data, delivering maximum return with minimal friction for threat actors that are persistent and patient. Identity has become a widening attack surface for attackers to exploit, and represents the least margin for error for organisations, with 18% of executives reporting identity and access management as being a ‘top three’ priority when allocating their organisations’ cyber budgets. ​

Generative AI (GenAI) has amplified this trajectory, powering more realistic phishing operations, hyper-realistic voice and image impersonation, and more convincing IT service desk manipulation. One compromised identity, whether it be human or machine, can quickly escalate to the widespread access needed to compromise an entire environment. ​

Throughout 2026, PwC expects these identity-first tactics to accelerate and sharpen. As organisations adopt more advanced controls, including zero trust architectures, adversaries will iterate their techniques for evasion and impersonation, such as by spoofing device posture and employing multistage, identity-based attacks.

Cedric Guisson, Senior Manager Digital Identity at PwC Belgium “Key initiatives that are essential to defending against this threat include deploying phishing-resistant MFA for all users, threat modelling and hardening IT help desk processes, strengthening remote identity verification methods, and establishing identity threat detection and response capabilities. In a landscape where attackers are exploiting identity’s central role, organisations will also need to tighten identity governance with race-level discipline to maintain the advantage.”

The cybercrime ecosystem

The commoditised cybercrime machine is an engine running hotter than ever and is increasingly modular. It thrives on speed, automation and a growing ‘Cybercrime-as-a-Service’ marketplace of tooling and capabilities. Across threat actor motivations, over 25% of executives reported their most damaging data breach in the past three years cost their organisation at least US$1 million. For security leaders calibrating their strategies to defend against breaches, financially motivated threat actors remain top of mind. ​

The ransomware threat landscape has escalated in both scale and complexity. The ecosystem became increasingly fragmented, with dozens of active Ransomware-as-a-Service (RaaS) programmes. In 2025, PwC identified 7,635 ransomware leak site victims recorded by 135 threat actors, surpassing the 4,837 victims recorded by 92 threat actors in 2024.

Bart De Win, Director Cyber at PwC Belgium says: “Defenders should expect broader and faster financially motivated attacks over the course of 2026, alongside a diversification in ransomware tactics and a shift towards stealthier credential theft methods, including custom ‘stealers’ and their distribution through more private, less visible channels. The advantage belongs to organisations that treat intelligence as telemetry, continuously tune their defences, and prepare for both ransomware and data-only extortion campaigns, across on-premise and cloud environments alike.

PwC’s assessment is that continued AI adoption by adversaries is highly likely to fuel a sustained increase in the volume and sophistication of threats originating from a much wider pool of threat actors, already reflected in the expanding cybercrime ecosystem. Furthermore, we anticipate future malware development will be AI-assisted and natively incorporate AI.

About PwC

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 364,000 people in 136 countries and 137 territories. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com. ​

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

© 2026 PwC. All rights reserved. ​

 

 

Share

Latest stories

Website preview
Belgian infrastructure spending to reach €17bn by 2050 – PwC
Belgium’s infrastructure spending will rise to €17bn by 2050, PwC finds. Social, transport and industrial sectors drive 64% of investment as global spending accelerates.
press.pwc.be
Website preview
The corporate company car model is under pressure
Diegem, 4 May 2026 – Now electric vehicles dominate company fleets in Belgium, the corporate company car model is being impacted by increasing fleet costs, reduced tax deductibility and complex administrative regulations. In its latest mobility survey, PwC Belgium spoke to fleet managers representing more than 38,000 employees. Rising fleet costs remains a pressing concern for fleet managers, pushing companies to reassess their car and mobility policies and shift towards more full electric vehicles and the offering of the federal mobility budget.
press.pwc.be
Website preview
PwC Belgium extends partnership with Royal Belgian Football Association for four years
Brussels, 30 may 2026 – PwC Belgium and the Royal Belgian Football Association (RBFA) are pleased to announce the extension of their partnership agreement until 2030. As one of the official partners of the Belgian Red Devils and Belgian Red Flames, PwC will continue its support for an additional four years. The renewed collaboration underscores a shared commitment to nurturing talent, promoting inclusion, and building connections between people and communities through the power of football.
press.pwc.be

Get updates in your mailbox

By clicking "Subscribe" I confirm I have read and agree to the Privacy Policy.

About PwC Belgium

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 364,000 people in 136 countries and 137 territories. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. 

© 2026 PwC. All rights reserved. 

Contact

Culliganlaan 5 1831 Diegem

+32 (0)2 710 42 11

www.pwc.be