The great divide: Insights from the 2025 Horizons of Identity Security report

The 2025 Horizons of Identity Security report makes one thing clear: Identity security has evolved from a back-office control to the highest return on investment (ROI) in the cybersecurity stack.

This year’s research, conducted in partnership with McKinsey and based on insights from 375 global identity leaders, reveals a stark divide. While organizations rank identity security as their top ROI in cybersecurity, the majority still struggle to keep pace. A staggering 63% of responding organizations remain stuck in the earliest stages of identity maturity, relying on manual provisioning, fragmented tools, and static controls in an increasingly dynamic, AI-driven world.

Identity’s transformation, and why it matters

Identity is no longer just a gatekeeper. It is the nerve center of enterprise security, coordinating permissions, powering workflows, and making real-time decisions across every human and digital identity.

When identity is integrated with broader data and automation platforms, the benefits are exponential. This year’s report found that enterprises leveraging AI-enabled capabilities are 4 times more likely to have real-time synchronization across systems, and up to 4.5 times more likely to enforce unified policies across hybrid and cloud environments. These advancements translate directly into greater efficiency, faster onboarding, and measurable cost reduction.

But the impact doesn’t stop there. The report reveals that companies achieving higher maturity see ROI multiples up to 10 times greater than traditional security investments. In other words, mature identity programs don’t just protect the business, they accelerate it.

The maturity gap widens

Despite the clear benefits of advancing identity maturity, the data paints a picture of growing polarization. For every three organizations moving to higher horizons by maturing their programs, two are falling behind. This is not because they’ve stopped investing—it’s because the bar for excellence has risen faster than most can adapt.

Reaching Horizons 4 and 5 now requires capabilities that didn’t exist or were barely on the radar just a few years ago: AI agent governance, machine identity security, and data-driven policy automation. These are the hallmarks of today’s identity leaders.

While 63% of organizations remain in Horizons 1 and 2, struggling with manual processes, the leaders in Horizons 3 and beyond are reaping the benefits of real-time intelligence. They’re using identity data to drive automation across multiple systems, shortening M&A integration times by up to 60%, and embedding AI-assisted decision-making into day-to-day operations.

This is what we at SailPoint call “The Great Divide”—the widening gap between organizations treating identity as a security checkbox and those leveraging it as a strategic infrastructure.

Where ROI meets strategy

One of the most striking insights from this year’s report is that the greatest returns come when identity moves beyond risk reduction. When identity powers automation, accelerates time-to-access, and enables smarter workflows, its value compounds across the business.

Mature identity programs can improve business enablement through agility and accelerated digital transformations. They can generate revenue with workforce optimization and business agility. And, they can help reduce costs through optimized processes and improved resource utilization.

Yet only 25% of organizations view identity as a true business enabler, while 57% still treat it like a 'security control' or 'compliance checkbox.' This outdated mindset is holding back both innovation and security.

Leaders, on the other hand, are reframing identity as a driver of measurable outcomes. They quantify the impact of identity data on operating margin, customer experience, and innovation velocity. They make the business case, and secure buy-in to keep advancing their programs—and their organizations.

Closing the divide: Three pathways to action

Knowing the challenges isn’t enough. Progress requires a roadmap. Organizations can take specific pathways to get started on their journeys, including:

1. Accelerate your horizon advancement

The first step is to understand where you are so you can take the next logical step forward.

• If you’re in Horizon 1, focus on building a centralized platform with foundational controls and structured application onboarding.
• At Horizon 2, begin automating provisioning and certification workflows to reduce manual overhead.
• In Horizon 3, transform from static controls to contextual, real-time, adaptive identity operations.
• For advanced organizations, the next frontier is AI agent governance and machine identity security.

Each stage builds on the last. The goal is consistent progress, not perfection.

2. Master deployment excellence

A successful identity security implementation isn’t just about the technology, it’s also about execution.

Our research found that only 14% of organizations say their most recent deployment was completely successful, and 48% ran over budget.

The difference between success and struggle comes down to three core practices:

• Keep your identity data clean
• Use a tiered governance framework that scales with your organization
• Build reusable templates instead of reinventing each deployment

When these practices are in place, organizations are 1.5 times more likely to achieve complete success and 1.5 times more likely to stay under budget.

3. Reframe identity as strategic infrastructure

The ultimate pathway to success is a shift in mindset.

It’s time to stop viewing identity as just an IT control. Instead, recognize that it is a business enabler and a risk mitigator. Identity drives margin impact, fuels revenue growth, and reduces costs –all while strengthening compliance and threat resilience. The most advanced enterprises embed identity into nearly every core business system: HR for smarter onboarding, CRM for personalized customer experiences, ITSM for automation, and AI frameworks for secure autonomy.

Together, these capabilities define the total economic impact of modern identity. Each pathway builds on the one before, creating a compounding advantage for those who execute with focus and precision.

Securing the future

Identity has fundamentally transformed. It’s the connective fabric of the modern enterprise.

Today, the gap between leaders and laggards comes down to how organizations adapt to this new reality. Those that automate at scale, govern AI agents, and harness identity data as a strategic asset are realizing outsized returns.

For those still managing access manually, the message is simple: Start now. Build your foundation, clean your data, and automate wherever possible.

For the more advanced, understand that AI agent security will define the leaders of the next decade.

Because identity isn’t just about securing access anymore. It’s about securing your future.

Find out where your organization’s identity program stands: take our maturity assessment today.