2 in 5 firms still green along identity security path

More than two in every five (44%) of companies are still at the beginning of their identity journeys, even if 90% of cybersecurity breaches are identity related, according to a report from SailPoint and Accenture.

The report is based on insights from more than 375 global cybersecurity executives across the Americas, Europe and Asia.

Findings also show that even mature companies cover less than 70% of the identities in their organisations through foundational governance capabilities. 

However, respondents noted that communicating the business value of identity security to executives is a key challenge. This underscores the need for identity security advocates to build executive-friendly business cases that are tailored to their audiences’ strategic priorities and value-driven mindset.

Further, 77% of respondents indicate that “limited executive sponsorship or focus” is a primary obstacle to investment in identity security, second only to budgetary constraints (91%). 

However, findings show that a strong identity security program can power business agility and innovation, risk mitigation, efficiency gains, and advancement of tech initiatives. 

For example, it can accelerate organisational change by as much as 30% through quicker integration of identities, applications, data and infrastructure.

Chern-Yue Boey, SailPoint SVP in the Asia-Pacific region, said that although some markets in the region have established regulatory frameworks related to identity and data security, several countries in APAC are either just starting to adopt or are in the process of enacting related regulations for the first time. 

Thus, the majority of APAC organisations are still in the beginning of their identity security journeys. 

“As the threat surface increases with a proliferation of digital identities, APAC businesses need to focus on accelerating their identity maturity and adopting a strong identity security program to not only prevent breaches, but to improve efficiency and generate business value,” said Boey.

On average, more than 30% of the identities in an organisation are not properly covered by identity solutions, with particular gaps around third-party identities, machine identities and data. Bringing those identities under the umbrella of a strong identity management program is essential for breach avoidance. 

Foundational security capabilities accelerate incident response, prevent bad actors from authenticating into internal systems and limit excessive access rights for employees — which survey respondents selected as the most common security deficiency enabling breaches.

The report also found that AI-based solutions have proven to be a potent accelerator, helping businesses add advanced new capabilities and drive greater agility. The report shows a growing number of organisations are exploring AI-backed dynamic trust models to evolve access based on user behavior. 

The findings also show that companies leveraging SaaS, AI and automation scale a notable 10-30% faster and get more value for their security investment through increased capability utilisation. 

More specifically, an identity platform leveraging automation and AI enables companies to scale identity-related capabilities up to 37% faster than companies without AI enablement.

Damon McDougald, global security digital identity lead at Accenture, said that while advanced technologies like artificial intelligence and generative AI are making it easier to expedite, manage and scale identity security initiatives many organisations are still at the start of their journeys. 

“Organisations should view this as an opportunity to accelerate their identity maturity timetable and establish a foundation for a secure digital transformation,” said McDougald.