AUSTIN, Texas–(BUSINESS WIRE)–SailPoint Technologies, Inc., a leader in enterprise identity security, today released the findings from the 2024-2025 edition of its annual research report, ‘The Horizons of Identity Security.’ This year’s report reveals that while most organizations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent.
The value of identity security remains largely untapped today. Of the organizations surveyed, roughly 41% remain at the very beginning of their identity security journey with only 10% progressing to the more advanced stages; this large gap highlights the significant opportunities for organizations to realize the full potential of identity security.
Our research suggests that organizations that mature their identity security practice can “bend” the identity security-to-value curve, delivering disproportionate economic impact. These disproportionately higher returns are observed through three key factors: reduced cyber risk, increased business value, and improved productivity. More mature organizations gain disproportionate reductions in risk, higher topline business value, and increased workforce productivity.
“Achieving identity security maturity does not have to be an arduous undertaking. With the right strategy, operating model, technology, and expertise, organizations can get there, seeing disproportionately higher returns and bending the identity security-to-value curve for their organization,” said Matt Mills, President, SailPoint. “Typically, we see spending on cybersecurity delivering linear returns, yet organizations around the world and across industries have already begun to prove advanced identity security can reap compounding benefits.”
The 2024 Horizons of Identity Security report outlines several areas where mature identity security programs have progressed and unlocked new value pools, such as:
- Stronger coverage of machine identities, the fastest growing identity class: Organizations with mature identity security have 87% more coverage of non-human or machine identities, such as bots, compared to 28% for organizations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented with organizations and likely to grow faster than any other identity class. According to past survey results, machine identities represent more than 40% of total identities within a given organization, and one-third of respondents expect machine identities to increase by 30% in the next year.
- Higher coverage of third-party identities: Organizations with mature identity security have up to 50% higher coverage of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface.
- Leveraging identity data intelligence: Organizations with mature identity security are two times more likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies, and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk.
- Higher adoption of AI and willingness to invest in GenAI: Organizations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, which has proven to create scalable solutions and enhance productivity. Organizations with mature identity security have the foundations to invest in scalable GenAI-powered use cases, prioritizing tools for workflow creation, user entitlements, role descriptions, and natural language search. Alternatively, most early-stage organizations remain focused on automating basic help desk tasks.
- Lower cyber insurance premiums: 92% of survey respondents report that insurers assess their cyber capabilities before setting premiums. Interestingly, more than 7 in 10 identity security decision makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums.
Over the last three years, our research and experiences have confirmed that the future of identity security will be shaped by integrated identity programs across diverse technology environments. This integration includes unified access controls providing visibility across all identity types, integration with security operations, and support for machine identity management and actionable intelligence. Additionally, with advanced next-generation identity security, access decisions are increasingly driven by AI-powered analytics, which use context-aware policies to enhance security through anomaly detection, identity pattern recognition, and behavior analysis. Organizations can utilize these next-generation capabilities to set the north-star vision to reach the future of identity security.
A SailPoint customer, RWE reached identity security maturity in just six months. RWE’s identity security transformation included moving from on-premises manual identity management to a cloud, AI-driven solution enabling identity security at scale. The company was able to implement more comprehensive coverage, scaling its identity security from 2.5K to roughly 30K user accounts. Notably, it reduced onboarding time from 25 days to less than 3 hours on average, improving productivity. And—key to maturing an identity security program—RWE implemented a unified approach to identity, moving from zero to 30 business units sharing an identity strategy. These findings underscore that committed investments in identity security help organizations safeguard their assets and gain competitive advantages in the digital age.
Learn more about Horizons at SailPoint’s flagship “Navigate: Identity Security Transformed” conference kicking off in Orlando and followed by a series of global events in São Paulo, Singapore, Sydney, and London. To register, visit the Navigate website.
Download a copy of the 2024-2025 Horizons of Identity Security report and take the maturity assessment.
About the research and methodology
‘The Horizons of Identity Security’ surveyed identity and access management decision-makers across the globe to assess their capabilities across identity security horizons and define the future of identity. This year’s report is based on insights from 350 global cybersecurity senior leaders in information technology, cybersecurity, and risk. Of those surveyed, more than half work for organizations with more than 10,000 employees. Unless otherwise indicated, all data points in this press release relate to the findings of this survey.
About SailPoint
SailPoint equips the modern enterprise to seamlessly manage and secure access to applications and data through the lens of identity – at speed and scale. As a category leader, we continuously reinvent identity security as the foundation of the secure enterprise. SailPoint delivers a unified, intelligent, extensible platform built to defend against today’s dynamic, identity-centric cyber threats while enhancing productivity and efficiency. SailPoint helps many of the world’s most complex, sophisticated enterprises create a secure technology ecosystem that fuels business transformation.
