Identity security delivers highest ROI as AI drives maturity gap

The latest Horizons of Identity Security 2025–2026 report from SailPoint finds that identity security currently provides the highest return on investment among security priorities in the enterprise space.

A key finding from the report is the persistence of an identity maturity gap, with 63% of organisations remaining at basic levels of identity maturity while a smaller cohort progresses into more advanced stages. The research, which surveyed 375 identity and access management decision makers across the Americas, Europe, and Asia, reveals how organisations at the forefront of identity security leverage artificial intelligence and automation to deliver measurable improvements in cost savings, productivity, and risk reduction.

Maturity gap

According to the report, most organisations are still at the early stage of their identity journey. The majority remains in Horizons 1-2 - terminology used in the study to denote reliance on predominantly manual processes for identity management. Only 10% of respondents were found to operate in Horizons 4-5, which marks the transition to using identity platforms as catalysts for business growth.

The report notes the rising bar for identity maturity, driven by new requirements such as securing AI agents, enhancing identity data models, and implementing just-in-time access controls. It also highlights that for the first time in the survey's four-year history, some organisations reported a regression in maturity, attributed to the growing complexity of the security landscape.

AI as a differentiator

Organisations that have adopted AI-enabled identity controls outpace their peers in several key areas. The report finds they are four times more likely to deploy advanced capabilities, such as identity threat detection and response (ITDR), adaptive authentication, and governance for AI agents and bots. These mature organisations are also several times more likely to automate identity data synchronisation and unify fragmented identity workflows, generating operational efficiencies.

Matt Mills, President, SailPoint, commented on the evolving role identity plays in the enterprise:

"As organisations navigate a rapidly changing landscape, the report indicates that identity has become the top ROI generator in the security stack - helping enterprises cut costs, reduce risk, and accelerate growth. Today, identity is the central control point where policies are enforced, critical decisions are made, and security operations converge. Its future is tightly connected to security and AI-driven data governance, enabling enterprises to manage every identity - human, machine or AI agent - across the enterprise. With advances in AI, data management, and threat detection, modern identity security now delivers the unified visibility, expanded governance, and automated resilience organisations need."

Mills further stated, "Those advancing further across the Horizons are recognising identity's strategic role and reaping outsized benefits - positioning identity security as a key enabler of business performance."

Deployment and best practices

The report indicates that deployment complexity and disjointed data practices remain obstacles for many organisations. However, entities that prioritise steps such as data cleanup ahead of migration and standardise app onboarding processes appear significantly better positioned to scale identity programmes. According to study responses, organisations following these best practices are 1.6 times more likely to advance in maturity and successfully implement advanced technologies, including ITDR, adaptive authentication, and governance for AI-based agents.

Real-world examples cited in the report include Wipro and Specsavers. Wipro is expanding its focus from enterprise-wide adoption to automation and AI-driven solutions; Satvinder Madhok, Vice President, Business Integrated Technology Solutions at Wipro, stated:

"We are firmly focused on taking Wipro beyond enterprise-wide adoption of effective identity capabilities to advanced capabilities using automation and AI."

Specsavers, meanwhile, has moved to automate large numbers of manual tasks. This has had the dual effect of improving operational efficiency and its security posture, allowing for greater enforcement of least-privilege access policies.

ROI and strategy

The report's data shows that identity and access management delivers double the return compared to other security domains. Organisations that view identity as a strategic business priority are found to be 40% more likely to maximise these returns. For enterprises reaching higher levels of maturity in identity security, the typical return on investment is reported to reach up to ten times, driven by reductions in risk, support for AI initiatives, and business enablement.

These findings come as identity becomes increasingly integrated with data management and security controls. Mature organisations are unifying identity, data, and security - a "trifecta", according to the report - resulting in higher ROI and enhanced AI readiness.

Research methodology

The Horizons of Identity Security 2025-2026 report is based on a survey of 375 decision makers in information technology, cybersecurity, and risk, including more than half from organisations with over 10,000 employees. The majority were drawn from finance, technology, and healthcare. The survey categorised respondents into five horizons of maturity, with Horizons 4 and 5 updating their criteria this year to reflect heightened demands, such as AI agent lifecycle governance and multi-cloud entitlement management.