Delinea research shows CISOs prioritize identity threat response. Spending on IAM, CIEM, IGA, and ITDR grows to tackle evolving human and non-human risks.
Delinea, a pioneering provider of solutions for securing identities through centralized authorization, has published new research analyzing the enterprise’s evolving state of identity security. The report “Why CISOs Must Prioritize a Strong Identity Security Strategy—and Where to Start” found that detecting and responding to identity threats is the number one priority for organizations as identity-focused vulnerabilities and attacks like ransomware rise.
Based on a comprehensive survey of 300 technology and security leaders, the report highlights the critical role that identity and access management (IAM) play in managing and safeguarding the complex relationships inherent in modern digital ecosystems – which now encompass both human and non-human identities. As the rise of non-human identities continues to transform the landscape, the findings reveal a shift from focusing solely on authentication to adopting a more holistic strategy that includes intelligent authorization, entitlements, governance, privileged access management (PAM), and other key elements that are essential for safeguarding digital environments.
“Strong identity management has become foundational to an organization’s overall security posture,” said Art Gilliland, CEO of Delinea. “As businesses adapt to an increasingly complex digital landscape driven by cloud technologies, hybrid work models, and sophisticated cyber threats, legacy solutions will be exposed. Those who fail to evolve and implement modern identity security strategies risk falling victim to the next wave of cyberattacks, which are more frequently targeting vulnerable credentials.”
Also Read: Inside Identity Fraud: Tactics, Tech, and How to Stay Safe
Key findings from the report include:
- Identity security as a critical investment: One in four organizations spend over 30% of their IT budget on IAM technology and processes, and more than half allocate 20% or more. Additionally, 78% of organizations expect to increase their identity security spending in 2025.
- A shift toward advanced IAM solutions: While multifactor authentication (MFA) remains a top priority for most organizations (51%), cloud infrastructure entitlements management (CIEM) and identity governance and administration (IGA) are closely followed, tied for 49%. Identity threat detection and response (ITDR) and PAM rounded out the top five, named by 46% and 43%, respectively.
- Increased complexity poses major challenges: A third of respondents identified complexity in existing infrastructures as the biggest obstacle to effective identity management. Resistance from users and stakeholders, siloed identity technologies, lack of integration, and outdated legacy systems were also frequently cited as hindrances to scaling and securing modern digital ecosystems, with 88% of organizations considering consolidating their IAM vendors – most of them within the next year.
- Identity security priorities: The top five IAM priorities reported by those surveyed include:
- Detecting and responding to identity threats
- Securing credentials, secrets, and privileged accounts
- Managing identities and entitlements in the cloud
- Visibility into all identities and levels of access
- Securing remote work and third-party risk
Also Read: What is the Status of Quantum-safe Digital Signatures?
The future is AI
Looking ahead, the report suggests that AI will play a key role in shaping the future of identity security. Over 94% of survey respondents plan to adopt AI-driven identity technologies now or shortly, with 55% having already adopted or are already in the adoption process. AI is expected to enhance identity security in several ways:
- Automating identity governance: AI will help streamline policy enforcement and entitlement management, reducing the burden on security teams.
- Advanced threat detection: AI-powered tools will enable faster and more accurate detection of identity-related anomalies, improving the ability to respond to threats in real-time
- Securing non-human identities: With the growing number of machine-to-machine interactions, AI will help organizations secure and manage automated systems, AI platforms, DevOps environments, and other non-human identities. Over a quarter (28%) consider securing nonhuman or machine identities a top priority for the coming year.
