While most organisations are still in the early stages of their identity security efforts, those who achieve maturity are seeing disproportionately higher returns for every dollar spent, according to a report from SailPoint Technologies.
The report is based on a survey conducted in July 2024 and covered 349 cybersecurity executives across North America, Latin America, Asia and Europe. Among respondents, 11% are based in Asia.
Of the organisations surveyed, roughly 41% remain at the very beginning of their identity security journey with only 10% progressing to the more advanced stages; this large gap highlights the significant opportunities for organizations to realize the full potential of identity security.
SailPoint said the research suggests that organisations that mature their identity security practice can “bend” the identity security-to-value curve, delivering disproportionate economic impact.
These disproportionately higher returns are observed through three key factors — reduced cyber risk, increased business value, and improved productivity. More mature organisations gain disproportionate reductions in risk, higher top line business value, and increased workforce productivity.
Findings show that 83% or five in every six organisations reported fewer identity-related security issues due to their security investments in 2023.
“With strategic investment in identity security, APJ businesses can achieve enhanced capability coverage and data analytics, automation, lower cyber insurance premiums, and improved compliance,” said Chern-Yue Boey, SailPoint SVP in Asia-Pacific and Japan.
“With the right technology, strategy and expertise, organizations can attain identity security maturity and gain higher returns with increased maturity,” said Boey.
The report outlines several areas where mature identity security programs have progressed and unlocked new value pools.
First, stronger coverage of machine identities, the fastest growing identity class. Organisations with mature identity security have 87% more coverage of non-human or machine identities, such as bots, compared to 28% for organisations in the early stages of their identity journey.
This is significant because survey results also indicate that machine identities are highly fragmented with organizations and likely to grow faster than any other identity class.
Second, higher coverage of third-party identities. Organisations with mature identity security have up to 50% higher coverage of third-party identities compared to those in the early stages of their identity journey.
Third, leveraging identity data intelligence. Organisations with mature identity security are two times more likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies, and intelligent access reviews.
This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk.
Fourth, higher adoption of AI and willingness to invest in generative AI. Organisations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, which has proven to create scalable solutions and enhance productivity.
And fifth, lower cyber insurance premiums. Among respondents, 92% report that insurers assess their cyber capabilities before setting premiums. More than 7 in 10 identity security decision makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums.
