Identity security emerges as top ROI driver as AI boosts maturity

The latest Horizons of Identity Security 2025-2026 report from SailPoint finds identity security now delivers the highest return on investment of any security discipline, as artificial intelligence capabilities and cohesive deployment practices set apart high-performing organisations.

SailPoint's research, based on a survey of 375 identity and access management decision makers globally, shows a widening gap between organisations at the forefront of identity security and those lagging behind. The report identifies that 63% of organisations are still operating at basic maturity levels, relying on manual identity processes, while only 10% have reached the most advanced stages defined as Horizons 4-5.

Matt Mills, President of SailPoint, said identity has quickly become a critical driver for improved security and business productivity, outpacing other security technologies. Millennials commented,

"As organisations navigate a rapidly changing landscape, the report indicates that identity has become the top ROI generator in the security stack - helping enterprises cut costs, reduce risk, and accelerate growth. Today, identity is the central control point where policies are enforced, critical decisions are made, and security operations converge. Its future is tightly connected to security and AI-driven data governance, enabling enterprises to manage every identity - human, machine or AI agent - across the enterprise. With advances in AI, data management, and threat detection, modern identity security now delivers the unified visibility, expanded governance, and automated resilience organisations need."

Mills added, "Those advancing further across the Horizons are recognising identity's strategic role and reaping outsized benefits - positioning identity security as a key enabler of business performance."

Identity maturity gap

The annual Horizons research shows the standard for identity maturity is rising each year. Initial identity access management focused on manual controls. Organisations that invest in automation, machine identity management, and advanced AI-driven lifecycle governance now reap greater benefits. According to SailPoint's data, identity and access management (IAM) "consistently delivers twice the return of other security domains", and businesses treating identity as strategic "are 40% more likely to maximise that return".

Some organisations have slipped backwards as the bar rises. This year, only a fraction achieved the highest maturity, which demands new skills and technology, including AI agent security and real-time access controls. The report also notes that identity types have broadened beyond human users to cover machine identities and the recent influx of AI agents in the workforce.

Artificial intelligence and automation

The research highlights a strong correlation between AI adoption and identity maturity. Organisations with AI-enabled identity security are four times more likely to implement advanced controls, such as identity threat detection and response, adaptive authentication, and governance for non-human identities. These organisations use automation to synchronise identity data and streamline onboarding, which supports productivity across their operations.

Companies like Wipro and Specsavers are cited for their use of automation and data-driven identity processes. Wipro has moved to advanced automation and AI-based capabilities to transform its security practices, while Specsavers has automated manual identity tasks to improve efficiency and enforce least-privilege access.

According to Satvinder Madhok, Vice President, Business Integrated Technology Solutions, Wipro, "We are firmly focused on taking Wipro beyond enterprise-wide adoption of effective identity capabilities to advanced capabilities using automation and AI."

Deployment best practices

The report emphasises that technical maturity is not just about automation, but about strategic data management and disciplined rollout practices. Organisations that clean up identity data before migrating, standardise application onboarding, and automate lifecycle workflows are more likely to progress. Those who do so are 1.6 times more likely to scale identity management effectively.

Mature organisations are significantly more likely to unify fragmented identity data and automate synchronisation, laying the foundation for advanced features. Mastery of these basics enables deployment of newer approaches like identity threat detection and AI-driven governance.

Return on investment and future direction

SailPoint reports that identity security regularly outpaces other security domains, such as endpoint and network controls, for ROI. The "identity + data + security" trifecta sets apart those prepared for AI-driven challenges. Organisations that position identity as a core business enabler report ROI multiples as high as 10 times - with reductions in risk and increased revenue capabilities cited.

The 2025-2026 Horizons of Identity Security report points to the upward trajectory in identity maturity, as organisations evolve from manual processes to automated, AI-ready environments, and reinforces that strategic investment in identity unlocks both operational and security advancements.