HK firms ignore machine privilege risks as AI access grows: report

92% of Hong Kong respondents define “privileged users” exclusively as humans.

A vast majority of Hong Kong organisations fail to recognise machine identities as privileged users, exposing them to rising cyber threats amidst rapid adoption of cloud computing and artificial intelligence, according to new research by cybersecurity firm CyberArk.

The company’s report found that 92% of Hong Kong respondents define “privileged users” exclusively as humans, ignoring non-human identities such as automated processes, bots, and AI agents.

This comes even as 51% of machine identities in these organisations hold privileged or sensitive access to critical systems.

Globally, there are now 82 machine identities for every human identity, driven by increased automation and integration of cloud-based technologies. Many of these machine identities operate with little or no oversight, creating what CyberArk calls an "unsecured privilege sprawl."

The report also revealed that 95% of organisations in Hong Kong experienced at least two identity-centric security breaches in the past year, a figure that exceeds the global average of 87%.

These breaches range from phishing and vishing attacks to compromised credentials and unauthorised access to sensitive data.

CyberArk’s research highlighted a major gap in identity governance at a time when AI tools are rapidly being embedded into enterprise systems.

According to the report, AI is expected to be the leading source of new privileged identities in 2025, yet 67% of Hong Kong organizations lack proper controls to manage AI-related access.