SailPoint unveils third annual Horizons of Identity Security report

Organisations with advanced identity security see reduced cyber-risk, increased business value and improved productivity, according to the report.

SailPoint Technologies, a leader in enterprise identity security, has released the findings from the 2024-2025 edition of its annual research report, The Horizons of Identity Security.

The latest report reveals that while most organisations are still in the early horizons of their identity security journey, those who achieve maturity are seeing a disproportionately higher return on investment.  

Yet, the value of identity security remains largely untapped today. Of the organisations surveyed, roughly 41% remain at the very beginning of their journey, with only 10% progressing to the more advanced stages. This large gap highlights the significant opportunities for organisations to realise the full potential of identity security.  

The 2024 Horizons of Identity Security report outlines several areas where mature identity security programmes have progressed and unlocked new value pools, such as: 

• Stronger visibility of machine identities, the fastest growing identity class: Organisations with mature identity security have 87% more visibility and control of non-human or machine identities, such as bots, compared to 28% for organisations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented within organisations and likely to grow faster than any other identity class. According to past survey results, machine identities represent more than 40% of total identities within a given organisation, and one-third of respondents expect machine identities to increase by 30% in the next year

• Higher visibility of third-party identities: Organisations with mature identity security have up to 50% higher visibility and control of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface

• Leveraging identity data intelligence: Organisations with mature identity security are twice as likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk

• Higher adoption of AI and willingness to invest in GenAI: Organisations with mature identity security have nearly 2x higher adoption of AI-powered identity solutions, creating scalability and enhancing productivity. Organisations with mature identity security have the foundations to invest in scalable GenAI-powered use cases, prioritising tools for workflow creation, user entitlements, role descriptions and natural language search. On the other hand, most early-stage organisations remain focused on automating basic help desk tasks

• Lower cyber insurance premiums: 92% of survey respondents report that insurers assess their cyber capabilities before setting premiums. Interestingly, more than seven-in-10 identity security decision makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums

Matt Mills, President, SailPoint, said: “Getting identity right is critical in reducing risk and countering increasingly sophisticated and pervasive cyber threats. Achieving identity security maturity does not have to be an arduous undertaking. With the right strategy, operating model, technology and expertise, organisations can get there, seeing disproportionately higher returns and bending the identity security-to-value curve for their organisation.

“Typically, we see spending on cybersecurity delivering linear returns, yet organisations around the world and across industries have already begun to reap major and lasting benefits from advanced identity security,” Mills added.

Cybersecurity will increasingly be shaped by integrated identity programmes across diverse technology environments. This includes unified access controls providing visibility across all identity types, integration with security operations, and support for machine identity management. Access decisions are increasingly being driven by AI-powered analytics, which enhance security through anomaly detection, identity pattern recognition and behaviour analysis. Organisations can utilise these capabilities to set the north-star vision to reach the future of identity security.