Identity security: Many companies are still at the beginning

15 November 2024
| No comments
Identity security: Many companies are still at the beginning
Advertising

Share post

A provider of identity security for companies has presented its latest study "Horizons of Identity Security". Companies with advanced identity security are more open to AI-based solutions, have lower cyber risk and pay lower cyber insurance premiums.

SailPoint Technologies' latest 2024-2025 report shows that most organizations are still at the beginning of their identity security journey, while those that have already reached a certain level of maturity are achieving an above-average return on investment.

Advertising

Currently, the added value that identity security offers remains largely unused. Of the companies surveyed, around 41 percent are at the beginning of identity development, and only 10 percent are already at an advanced stage.

Key findings of the report

  • 83 percent of organizations reported fewer identity-related security issues due to their security investments in 2023.
  • Companies with mature identity security report higher profits than average.
  • Machine identities are expected to grow by about 3 percent over the next 5 to 30 years, gaining importance faster than any other type of identity.

The report lists several areas where mature identity security programs have made progress and unlocked new value opportunities:

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Better visibility of machine identities

Among organizations with mature identity security, 87 percent report greater visibility and control over their non-human or machine identities, compared to 28 percent of organizations in the early stages of identity development. The survey results also show that machine identities are highly fragmented within organizations and are growing faster than any other class of identity. Previous survey results have shown that machine identities account for more than 40 percent of all identities in an organization. A third of respondents also expect machine identities to grow by 30 percent in the next year.

Increased visibility of third-party identities

Among companies with mature identity security, up to 50 percent have more visibility and control over third-party identities than companies that are still in the early stages of identity development. Third-party identities, i.e. partners or external employees, are also an identity class that is gaining importance. More and more companies rely on third parties for critical services, for example, and thus increase their potential attack surface if they do not secure these identities accordingly.

use of intelligent identity data

Organizations with mature identity security are twice as likely to be able to leverage identity data to gain actionable insights and unlock new use cases, including intelligent user access policies, contextual security policies, and intelligent access controls. This is important because it enables more accurate and timely access decisions, a critical key to reducing security risk.

Greater acceptance of AI and willingness to invest in GenAI

Organizations with mature identity security are almost twice as likely to adopt AI-based identity solutions. These solutions provide scalability and increase productivity. Organizations with mature identity security have the foundations in place to invest in scalable GenAI-based use cases, prioritizing tools for creating workflows, user permissions, role descriptions, and natural language search. In contrast, most organizations focus on automating basic help desk tasks in the early stages.

Lower cyber insurance premiums

92 percent of respondents say insurers assess their resilience to cyber attacks before setting premiums. Interestingly, more than 7 in 10 decision makers consider identity security to be one of the top three security features that help determine cyber insurance premiums.

Investments in cybersecurity pay off

"The right identity strategy is critical to mitigating risk and combating the ever-present cyber threats," said Matt Mills, President of SailPoint. "With the right strategy, operating model, technology and expertise, organizations can achieve this goal, achieve superior ROI and positively impact the identity security value curve for their business. In general, we find that cybersecurity spend pays off linearly. But organizations around the world and across all industries have already begun to realize significant and sustainable benefits from advanced identity security."

Cybersecurity is increasingly characterized by integrated identity programs across different technology environments. This includes unified access controls that provide visibility across all types of identities, integration with security processes, and support for automated identity management. Access decisions are increasingly driven by AI-powered analytics that increase security through anomaly detection, identity patterns, and behavioral analytics. Organizations can leverage these capabilities to realize the vision of the future of identity security.

About the study and the methodology

For Horizons of Identity Security, identity and access management decision makers worldwide were asked to assess their identity security capabilities and define the future of identity security. This year's report is based on the insights of 350 global information technology, cybersecurity and risk leaders. More than half of respondents work in organizations with more than 10.000 employees. Unless otherwise noted, all data in this press release refers to the results of this survey.

More at SailPoint.com

 

About SailPoint

SailPoint is a leader in identity security for the modern enterprise. Enterprise security begins and ends with identities and access to them, but the ability to manage and secure identities is now far beyond human capabilities. Powered by artificial intelligence and machine learning, the SailPoint Identity Security Platform delivers the right level of access to the right identities and resources at the right time.

Matching articles on the topic

25 years with numerous cybersecurity challenges

As we approached the year 2000, the IT and business world looked with concern at the infamous “Y2K bug” – a ➡ Read more

AI poses growing challenges for data protection in 2025

With the introduction of generative AI in many companies, the amount of data that needs to be protected has increased by 2024. ➡ Read more

Threats in the European retail sector

In 2024, business services were the most frequently attacked sector in the retail sector, followed by retail and manufacturing. In France, Germany, and Italy ➡ Read more

Real-time deepfakes: The new dimension of cyberattacks

Artificial intelligence will also determine cybersecurity in 2025. One of the fields in which it has been used for some time is ➡ Read more

Cybersecurity in EMEA: These are the trends

Advanced ransomware, cloud attacks, and AI-based cyber warfare will threaten corporate cybersecurity in 2025. Phishing is the most common method of distributing malicious files. ➡ Read more

Study: Ransomware causes significant damage to companies

A ransomware attack causes maximum damage to companies: It takes a long time to resume normal operations afterwards. This leads to significant ➡ Read more

Cybersecurity: How platformization reduces complexity

For many companies, the complexity of their different security solutions represents a major challenge, according to a new global study ➡ Read more

KRITIS in the sights of the attackers

The drastic increase in cybersecurity incidents in German KRITIS facilities by 43 percent from 2023 to 2024 is a clear warning signal for ➡ Read more

 

Stories
, , , , , ,