Examining the State of IGA

Today’s organizations face a rapidly multiplying number of digital identities as hybrid work and cloud, SaaS, IIoT, and other technologies proliferate. Companies understand the critical nature of identity security, but they still find Identity Governance and Administration (IGA) challenging and complex. They want cloud-native tools to help them secure identity management, maintain reliable access control for sensitive data, and comply with applicable regulations. At the same time, companies need to keep costs down and maintain performance for users and business operations. These goals all point to the imperative of implanting a modern, SaaS-based IGA solution.

We recently surveyed more than 500 IT and business leaders responsible for access management, identity governance, cybersecurity, compliance, and overall IT administration. The key insights, discussed below, will give organizations an overview of the state of IGA in 2025 and how they can best protect their digital identities.

Challenges with current IGA

Organizations find their current IGA solutions challenging for several reasons. These solutions have a hard time ensuring appropriate user access control, complicated customization requirements, and a high total cost of ownership (TCO). Almost 60% of survey participants said expensive TCO was a main drawback in their current IGA solution. The situation calls for more flexible and efficient IGA solutions.

The implication is that enterprises are discovering it’s too time-consuming to upgrade their current IGA solution, or it would require resources they don’t have. Over 50% of those surveyed noted that they lacked the skills and development effort needed to run their solution with customization. About 46% reported functionality gaps in their IGA solution; one is the struggle to ensure users have the right access to data and systems at the right time. The other is the solution’s inability to automate access control and compare access rights.

Increased IT security investment

It’s clear from reported budget allocations that companies understand the increasing importance of cybersecurity – of which IGA is a part – in the current business environment. Almost 90% of participants reported an increase in funding over the last year for security teams and resources.

Enterprises might have increased cybersecurity spending to preempt the financial losses that could result from data breaches, especially in highly regulated industries that hold vast databases of sensitive data. If so, they wouldn’t be wrong; the financial sector saw monetary losses due to cybersecurity incidents more than quadruple since 2017, to the tune of $2.5 billion, according to the International Monetary Fund. IMF data also suggests that most enterprises know the capabilities they need to manage better, as well as how such improvements will impact return on investment and process efficiency.

Greater interest in Cyber Liability Insurance

In light of rising data breach costs, many companies are choosing to buy Cyber Liability Insurance. Sixty-four percent of survey participants reported that their companies have purchased this insurance to offset breach expenses. And yet, Network Assured found that just 19% of companies have purchased coverage for security incidents costing more than $600,000. That’s a problem that could lead to being underinsured because the average ransom paid by companies that have been breached exceeds $800,000.

Insurers are demanding more stringent security measures to address breach risks. These include strong authentication protocols, better access controls, and an identity governance program that is well-defined. All these measures signal a company’s willingness to meet an insurer’s security requirements.

IGA investment is driven by a desire for efficiency

The main business issues driving IGA investment are complex access governance and time-consuming manual processes. Sixty-one percent of participants named time-intensive manual processes as the first or second factor driving their companies’ investment in IGA.

For most enterprises, it looks like there are ongoing challenges related to user access management, identity lifecycle management, and manual, error-prone onboarding and offboarding. In addition, 64% of participants noted that the burdensome requirement to manage user permissions across different systems – the process of complex access governance – is the first or second-most important challenge they hope to overcome by investing in a new IGA tool.

Advanced IGA features increase ROI

Three key features of IGA solutions can substantially increase ROI: enhanced access visibility, user behavior insights, and Role-based Access Control (RBAC). For today’s companies, cloud-based platforms that offer these capabilities are especially valuable.

When survey participants were asked which features would boost their companies’ ROI the most, about 57% pointed to cloud-based user access control such as RBAC. This could signify that many enterprises would see substantial bottom-line advantages by implementing a cloud-based IGA solution that provides improved access control across cloud, multi-cloud, hybrid, and on-premises environments.

Seizing the IGA opportunity

What do these findings suggest about the state of IGA? Well, even though organizations are spending more on IT security, many continue to struggle with TCO. Most companies have confidence in their primary identity security capabilities, but unnecessary access and over-permissioned access are ongoing issues. User access control remains difficult, and Cyber Liability Insurance has become an attractive method for offsetting breach expenses. The good news is that IGA’s advanced features increase a company’s ROI.

Companies can improve the state of their IGA by addressing security gaps and conducting a comprehensive audit of existing IGA capabilities to enhance their IGA strategy. The next step is to invest in an IGA platform that offers modern SaaS features and automates manual processes. This includes built-in analytics that use Generative AI-powered insights to enhance decision-making. These steps will help organizations move forward in their ability to manage today’s deluge of digital identities.