SailPoint Technologies has released the findings from the 2024-2025 edition of its annual research report, ‘The Horizons of Identity Security’. This year’s report reveals that while most organisations are still in the early horizons of their identity security journey, those who achieve maturity are seeing a disproportionately higher return on investment.
Yet, the value of identity security remains largely untapped today. Of the organisations surveyed, roughly 41% remain at the very beginning of their journey, with only 10% progressing to the more advanced stages. This large gap highlights the significant opportunities for organisations to realise the full potential of identity security.
A graph of a number of blue squares
Description automatically generated with medium confidence
The 2024 Horizons of Identity Security report outlines several areas where mature identity security programmes have progressed and unlocked new value pools, such as:
· Stronger visibility of machine identities, the fastest growing identity class: Organisations with mature identity security have 87% more visibility and control of non-human or machine identities, such as bots, compared to 28% for organisations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented within organisations and likely to grow faster than any other identity class. According to past survey results, machine identities represent more than 40% of total identities within a given organisation, and one-third of respondents expect machine identities to increase by 30% in the next year.
· Higher visibility of third-party identities: Organisations with mature identity security have up to 50% higher visibility and control of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface.
· Leveraging identity data intelligence: Organisations with mature identity security are twice as likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies, and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk.
· Higher adoption of AI and willingness to invest in GenAI: Organisations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, creating scalability and enhancing productivity. Organisations with mature identity security have the foundations to invest in scalable GenAI-powered use cases, prioritising tools for workflow creation, user entitlements, role descriptions, and natural language search. On the other hand, most early-stage organisations remain focused on automating basic help desk tasks.
· Lower cyber insurance premiums: 92% of survey respondents report that insurers assess their cyber capabilities before setting premiums. Interestingly, more than 7 in 10 identity security decision makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums.
Matt Mills, President, SailPoint, said:
“Getting identity right is critical in reducing risk and countering increasingly sophisticated and pervasive cyber threats. Achieving identity security maturity does not have to be an arduous undertaking. With the right strategy, operating model, technology, and expertise, organisations can get there, seeing disproportionately higher returns and bending the identity security-to-value curve for their organisation. Typically, we see spending on cybersecurity delivering linear returns, yet organisations around the world and across industries have already begun to reap major and lasting benefits from advanced identity security.”
Cybersecurity will increasingly be shaped by integrated identity programmes across diverse technology environments. This includes unified access controls providing visibility across all identity types, integration with security operations, and support for machine identity management. Access decisions are increasingly being driven by AI-powered analytics, which enhance security through anomaly detection, identity pattern recognition, and behaviour analysis. Organisations can utilise these capabilities to set the north-star vision to reach the future of identity security.
A SailPoint customer, RWE, reached identity security maturity in just six months. RWE’s transformation included moving from on-premises manual identity management to a cloud, AI-driven solution enabling identity security at scale. The company was able to implement more comprehensive coverage, scaling its identity security from 2.5K to roughly 30K user accounts. Notably, it reduced onboarding time from 25 days to less than 3 hours on average, improving productivity. And—key to maturing an identity security programme —RWE implemented a unified approach to identity, moving from zero to 30 business units sharing an identity strategy. These findings underscore that committed investments in identity security help organisations safeguard their assets and gain competitive advantages in the digital age.