While most organizations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent, according to SailPoint.
Identity security adoption still in early stages
The value of identity security remains largely untapped today. Of the organizations surveyed, roughly 41% remain at the very beginning of their identity security journey with only 10% progressing to the more advanced stages; this large gap highlights the significant opportunities for organizations to realize the full potential of identity security.
The research suggests that organizations that mature their identity security practice can “bend” the identity security-to-value curve, delivering disproportionate economic impact. These disproportionately higher returns are observed through three key factors: reduced cyber risk, increased business value, and improved productivity. More mature organizations gain disproportionate reductions in risk, higher topline business value, and increased workforce productivity.
“Achieving identity security maturity does not have to be an arduous undertaking. With the right strategy, operating model, technology, and expertise, organizations can get there, seeing disproportionately higher returns and bending the identity security-to-value curve for their organization,” said Matt Mills, President, SailPoint. “Typically, we see spending on cybersecurity delivering linear returns, yet organizations around the world and across industries have already begun to prove advanced identity security can reap compounding benefits.”
Organizations that have developed mature identity security have 87% more coverage of non-human or machine identities, such as bots, compared to 28% for organizations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented with organizations and likely to grow faster than any other identity class.
According to past survey results, machine identities represent more than 40% of total identities within a given organization, and one-third of respondents expect machine identities to increase by 30% in the next year.
Higher coverage of third-party identities
Organizations demonstrating mature identity security have up to 50% higher coverage of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface.
Mature identity security organizations are two times more likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies, and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk.
Organizations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, which has proven to create scalable solutions and enhance productivity. They also have the foundations to invest in scalable GenAI-powered use cases, prioritizing tools for workflow creation, user entitlements, role descriptions, and natural language search. Alternatively, most early-stage organizations remain focused on automating basic help desk tasks.
92% of survey respondents report that insurers assess their cyber capabilities before setting premiums. Interestingly, more than 7 in 10 identity security decision makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums.
Over the last three years, SailPoint’s research have confirmed that the future of identity security will be shaped by integrated identity programs across diverse technology environments. This integration includes unified access controls providing visibility across all identity types, integration with security operations, and support for machine identity management and actionable intelligence.
Additionally, with advanced next-generation identity security, access decisions are increasingly driven by AI-powered analytics, which use context-aware policies to enhance security through anomaly detection, identity pattern recognition, and behavior analysis.