Unmanaged Devices Fuel a Growing Security Crisis
At the 2025 Gartner Identity & Access Management Summit this week in London, a stark statistic was shared: 17% to 25% of organizations have experienced security incidents related to non-human identities (NHI), and specifically machine identities. Machine identities were the key theme of this week's Gartner IAM event, and the category spans a broad range, including applications, APIs, and bots; within it, unmanaged devices such as IoT and OT systems represent one of the fastest-growing and most vulnerable subsets.
This reality is echoed across the cybersecurity landscape. The 2024 Microsoft Digital Defense Report revealed that 92% of ransomware attacks originated from unmanaged devices, underscoring just how exposed these endpoints are in modern enterprises. Meanwhile, research from UpGuard found that nearly 7 in 10 organizations have experienced at least one cyberattack that began with an unknown, unmanaged, or poorly managed internet-facing asset.
Together, these findings highlight a critical gap: organizations are failing to identify and manage the full scope of non-human identities in their environments. As Gartner increasingly emphasizes the need for Cyber-Physical Systems Protection and Security Posture Management, it’s clear that visibility and control over NHI and unmanaged devices must be prioritized.
The Invisible Risk in Modern IT Ecosystems
As enterprises embrace digital transformation, cloud migration, and hybrid work models, the attack surface is expanding at an alarming rate. While organizations invest heavily in human identity and access management, a critical blind spot remains: unmanaged devices, particularly in OT and IoT environments. These devices, often operating in the background, silently accumulate and exchange data, and if left unchecked, they become conduits for cyberattacks. Visibility into these non-human identities is minimal, and control is even more elusive.
In 2025, the strategic focus for many cybersecurity leaders has shifted: visibility is no longer a nice-to-have; it is the foundation of resilience. Without insight into the devices connected to enterprise infrastructure, organizations cannot protect what they cannot see.
Understanding Unmanaged Devices
Unmanaged devices include any asset that connects to a network but lacks centralized oversight. In an OT/IoT context, this encompasses smart sensors, control units, legacy machinery, and even connected medical or industrial equipment. These assets frequently operate with default credentials, unpatched firmware, or expired certificates, all of which create low-hanging fruit for attackers.
Unlike corporate laptops or mobile devices governed by MDM solutions, unmanaged devices are often invisible to IT and security teams. They lack logs, telemetry, or integration with SIEM/PAM tools, making them nearly impossible to monitor. Without active management, these non-human identities can’t be trusted—and as the number of devices per organization grows into the tens of thousands, this becomes a critical enterprise-scale risk.
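The risk conditions listed above (default credentials, unpatched firmware, expired certificates, and no log or telemetry integration) are exactly the checks a discovery or posture-management tool runs over a device inventory. The script below is an added example, not code from the original article or from any vendor: it walks a constructed inventory of OT/IoT devices and returns, per device, the list of findings that make it untrustworthy. The field names, the per-model firmware baselines in `MIN_FIRMWARE`, the sample devices, and the fixed `AS_OF` date are all assumptions for the illustration; a real deployment would feed these from a discovery scanner or CMDB.

```python
"""Posture check over a device inventory for the unmanaged-device risk
conditions described in the article: default credentials, unpatched
firmware, expired or missing certificates, and no telemetry/SIEM integration.

Added example, not code from the original article. All inventory records,
field names, firmware baselines, and the AS_OF date are constructed
assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed baseline: oldest acceptable firmware per device model (assumption).
MIN_FIRMWARE = {
    "sensor-x1": (2, 4, 0),
    "plc-200": (5, 1, 2),
    "infusion-pump-a": (1, 9, 0),
}

# Fixed evaluation date so the example is deterministic (assumption).
AS_OF = date(2025, 3, 15)


@dataclass
class Device:
    name: str
    model: str
    firmware: str                    # dotted version string, e.g. "2.3.7"
    cert_not_after: Optional[date]   # None means the device has no certificate
    uses_default_creds: bool
    sends_telemetry: bool            # feeds logs into a SIEM / log pipeline?
    managed: bool                    # enrolled in a device-management system?


def parse_version(v: str) -> tuple[int, ...]:
    """Turn "2.3.7" into (2, 3, 7) so versions compare numerically, not as text."""
    return tuple(int(part) for part in v.split("."))


def assess(dev: Device, as_of: date) -> list[str]:
    """Return the risk findings for one device (empty list means no findings)."""
    findings: list[str] = []
    if not dev.managed:
        findings.append("unmanaged: no centralized oversight")
    if dev.uses_default_creds:
        findings.append("default credentials in use")
    baseline = MIN_FIRMWARE.get(dev.model)
    if baseline is None:
        # A model nobody has a baseline for is itself a visibility gap.
        findings.append("unknown model: no firmware baseline")
    elif parse_version(dev.firmware) < baseline:
        wanted = ".".join(str(p) for p in baseline)
        findings.append(f"firmware {dev.firmware} below baseline {wanted}")
    if dev.cert_not_after is None:
        findings.append("no device certificate")
    elif dev.cert_not_after < as_of:
        findings.append(f"certificate expired {dev.cert_not_after.isoformat()}")
    if not dev.sends_telemetry:
        findings.append("no telemetry/SIEM integration")
    return findings


def triage(inventory: list[Device], as_of: date) -> dict[str, list[str]]:
    """Map device name -> findings, keeping only devices with at least one."""
    report: dict[str, list[str]] = {}
    for dev in inventory:
        found = assess(dev, as_of)
        if found:
            report[dev.name] = found
    return report


# Constructed sample inventory; these are not real devices.
SAMPLE_INVENTORY = [
    Device("hvac-sensor-17", "sensor-x1", "2.3.7", date(2024, 11, 30), True, False, False),
    Device("line3-plc", "plc-200", "5.1.2", date(2026, 6, 1), False, True, True),
    Device("ward2-pump", "infusion-pump-a", "1.9.0", None, False, False, False),
    Device("mystery-box", "unknown-vendor", "1.0", date(2027, 1, 1), False, False, False),
]


def run_sample() -> dict[str, list[str]]:
    """Triage the constructed inventory as of the fixed AS_OF date."""
    return triage(SAMPLE_INVENTORY, AS_OF)


if __name__ == "__main__":
    for name, findings in run_sample().items():
        print(name)
        for item in findings:
            print("  -", item)
```

On the constructed data, the managed PLC with current firmware, a valid certificate, and telemetry produces no findings and is omitted from the report, while the HVAC sensor trips every check. The version parsing matters: comparing firmware strings lexically would rank "2.10.0" below "2.4.0", so versions are compared as integer tuples.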
Seeing the Unseen to Secure the Enterprise
The mounting evidence is clear: unmanaged devices, especially those in OT and IoT environments, are not only increasing rapidly, they’re also among the most exploited. From ransomware to credential theft, the lack of visibility and control is creating fertile ground for cyberattacks across all sectors.
Security strategies must evolve to meet this threat. This means prioritizing discovery and visibility, automating security, and embracing solutions that go beyond traditional user identity management. Organizations must act now to identify, monitor, and secure every device connected to their infrastructure.
Top Considerations for Securing Unmanaged Devices