Investing in digital identity is essential: The costs of inaction are high

The SailPoint Blog
| SailPoint | Market Views

Authored by Jaishree Subramania, Vice President of Product Marketing

In mylast blog covering our Horizons of Identity Security research report, I touched on the five distinct horizons of identity security and the key enablers that determine where an organization sits in its identity journey. Today, I’ll touch on another aspect of the report: why investing in identity security programs and evolving them to a more mature state is business essential. As you’ll see from our infographic, the costs of not taking action today are substantial.

Companies that began investing in a strong identity program years ago did so for obvious security reasons, and that investment is paying off. Research has shown that the average cost of one data breach in 2022 was $4.35M. Our survey found that fewer than half of “forward-thinking” companies suffered an identity-related breach (almost all breaches) in the past year as those with “reactive” security cultures. There have been several recent breaches where attackers were able to compromise an employee or third-party user identity and steal millions of customer records. Companies facing such a breach could lose hundreds of millions of dollars in regulatory fines, reputational damages, and potential ransomware payments.

A strong identity program is a critical deterrent to such cyber-attacks and can do much more than boost security: it can reduce costs associated with security operations, improve operational efficiency, and speed attack response and recovery. About 40% of all IT helpdesk calls are password related. Most of these can be eliminated through modern IAM solutions such as automated password reset tools, chatbot-driven systems, or even password-less access.

A modern identity program doesn’t just reduce cost—it can also positively impact the top line. A recent survey on key customer experience showed well over half of online shoppers abandon their purchases due to login friction, which can be reduced with a better identity experience.

Opportunity Costs – Business Value Creation

As companies move from Horizon 1, the beginning, to Horizon 5, the most advanced, the survey found that each jump to the next horizon increases value across five vectors:

  • Enterprise risk management: Improve security resilience with faster response and recovery from a cybersecurity attack, secure business operations, and ensure continuity.
  • Cost and operational efficiency: Enable cost savings in helpdesk tickets as well as faster workforce access, which will increase productivity.
  • Digital and organizational transformation and innovation: Secure and support the next generation of business technology transformation and innovation programs with built-in digital identity.
  • Compliance: Companies in Horizon 2 gain efficiencies by addressing simple compliance requirements, while those in Horizon 3 improve operational efficiency and continuous compliance.
  • Employee and customer experience: Improve the digital experience for employees and customers, enable seamless collaboration across employees and partners, and enable future work models.

We found that organizations improve their security posture and resilience as they advance through their identity journey. An organization moving from Horizon 3 to Horizon 4 will detect and respond to attacks 40% faster thanks to AI and better visibility across the environment, decreasing the average response time to a security breach from three hours to as fast as three minutes. As in other types of crimes and accidents, response times are critical to containing damage and speeding recovery.

Additionally, it increases efficiency, where moving from Horizon 2 to Horizon 4 reduces manually processed identity helpdesk tickets by 85%. We also found that a jump from Horizon 1 to Horizon 4 reduces the time spent on identity audits by 70%. Identity solves essential security compliance controls where a lack of compliance would otherwise cost 2.7 times more than compliance. No enterprise today can afford to take a “good enough” approach to identity security. And this report fully validates what we’ve seen among companies, especially in the last few years. Identity security has evolved to be core to securing the enterprise today and enabling rapid digital and organizational transformation and innovation. From that lens, wouldn’t you want to strive for the best, aiming for Horizon 5? If so, a great start is to find out which horizon you’re currently on by taking your self-assessment.