Beneath the surface of today’s enterprise networks lies a swelling wave of risk—millions of unmanaged, invisible devices that are fast becoming the most exploited attack vectors in modern cybersecurity. As investors look for the next frontier in enterprise resilience, the shift toward securing Non-Human Identities (NHI) signals a critical and lucrative turning point.
A striking statistic from the 2025 Gartner Identity & Access Management Summit in London set the tone for a conversation long overdue: up to 25% of organisations have faced security breaches linked to machine identities. While the spotlight often lands on user credentials and conventional endpoints, it’s the growing shadow of Non-Human Identities—applications, APIs, bots, and especially unmanaged devices in the OT and IoT space—that’s fuelling an escalating crisis.
Supporting this urgency, Microsoft’s 2024 Digital Defence Report laid bare an uncomfortable truth: 92% of ransomware attacks now stem from unmanaged devices. The scale of exposure is no longer theoretical. Research by UpGuard reinforces this with a sobering insight—nearly 70% of organisations have endured a cyberattack initiated through an unknown or poorly managed internet-facing asset. The data makes it abundantly clear: current security postures are ill-equipped to tackle the breadth of today’s machine-driven enterprise environments.
Digital transformation, cloud-first strategies, and hybrid work models have redefined the enterprise perimeter. But while investments in human Identity and Access Management (IAM) have matured, the unmanaged, unseen machine layer has been largely ignored. Devices ranging from legacy industrial controllers to smart medical equipment continue to operate silently in the background, rarely updated, often unsecured, and entirely out of view. These are not future threats—they’re present-day liabilities.
In 2025, cybersecurity leaders have shifted from prevention to visibility. Without a comprehensive, real-time inventory of every device connected to their networks, organisations cannot defend what they cannot see. The once auxiliary task of device discovery has become mission-critical. Especially in industrial, healthcare, and critical infrastructure environments, the lack of control over connected systems is opening doors to attackers who exploit the soft underbelly of enterprise IT.
The challenge lies in the nature of these devices. Unlike managed endpoints—laptops, mobile phones, and servers that fall under the watchful eye of MDM and SIEM tools—unmanaged devices are effectively ghosts on the network. They may operate with expired certificates, default login credentials, or outdated firmware, and often lack basic telemetry. This invisibility makes them perfect staging grounds for lateral attacks, data exfiltration, and system disruption.
Organisations must take decisive steps to regain control. The strategy begins with discovery. Tools like Device Authority’s KeyScaler Discovery solution offer a breakthrough approach—automatically identifying unmanaged IoT and OT assets and surfacing vulnerabilities that would otherwise go unnoticed. This is more than asset mapping—it’s a foundation for risk-informed decision-making at scale.
Once identified, these devices must be assessed and secured. Automating this process is not a luxury but a necessity. Manual efforts fail under the weight of tens of thousands of assets. By automating credential rotation, certificate lifecycle management, and policy enforcement, enterprises can lock down their infrastructure without sacrificing operational efficiency.
The era of passive defence is over. The next wave of enterprise resilience depends on recognising that non-human identities now represent the largest and most volatile segment of the attack surface. Visibility, automation, and intelligent identity management are the cornerstones of this new paradigm—and companies investing in these capabilities today are poised to lead tomorrow’s cybersecurity landscape.
Device Authority is a leading cybersecurity company specialising in identity management for IoT and OT environments. Its KeyScaler platform delivers automated, scalable security solutions that discover, manage, and protect unmanaged devices and machine identities, helping organisations build cyber-resilient infrastructures.
Tern plc (LON:TERN) backs exciting, high-growth IoT innovators in Europe. It provides support and creates a genuinely collaborative environment for talented, well-motivated teams.