New findings from SailPoint’s Horizons of Identity Security 2025-2026 report highlight a widening identity maturity gap, with 63% of organizations remaining at basic levels of identity security while those adopting advanced programs gain significant advantages. Notably, organizations employing AI-enhanced identity security are four times more likely to implement sophisticated capabilities, leading to enhanced cost savings, productivity, and risk management. The report emphasizes the importance of data management and deployment best practices, such as prioritizing data cleanup and automated application onboarding, which significantly improve progression towards advanced security implementations. Additionally, it asserts that organizations that consolidate identity management, data practices, and security controls are better positioned to achieve higher returns on investment and readiness for AI integration, marking identity security as a crucial element for modern enterprises striving for agility and growth.
“As organizations navigate a rapidly changing landscape, the report indicates that identity has become the top ROI generator in the security stack—helping enterprises cut costs, reduce risk, and accelerate growth,” said Matt Mills, President, SailPoint. “Today, identity is the central control point where policies are enforced, critical decisions are made, and security operations converge. Its future is tightly connected to security and AI-driven data governance, enabling enterprises to manage every identity—human, machine, or AI agent—across their entire organization. With advances in AI, data management, and threat detection, modern identity security now delivers the unified visibility, expanded governance, and automated resilience organizations need.”
Mills added, “Those advancing further across the Horizons are recognizing identity’s strategic role and reaping outsized benefits—positioning identity security as a key enabler of business performance.”
Across four years of Horizons research, several key themes emerge. The bar for maturity continues to rise—progressing from manual IAM to automation, then to machine identity management, and now to AI agent lifecycle governance and adaptive trust. Identity types have expanded as well, from primarily human users and contractors in 2022 to machine identities in 2024 and today’s surge of AI agents. ROI leadership is also clear: according to our data, IAM consistently delivers twice the return of other security domains, and organizations treating identity as a strategic priority are 40% more likely to maximize that return.
Yet the execution challenges persist, with deployment complexity and poor data slowing some organizations. Even so, the overall trajectory is unmistakable: Identity has evolved from a back-office control to a catalyst for growth. Organizations that advance their maturity are better equipped to stay secure and realize greater success.
This year’s report shows that most organizations are still in the early stages of their identity journey. Nearly two-thirds (63%) remain stuck in Horizons 1-2, relying heavily on manual processes. Only a small group has advanced into higher maturity stages, with just 10% reaching Horizons 4-5, where identity transforms into a growth platform.
For the first time, we also saw some companies move backwards. The bar for maturity has risen: Today, it requires capabilities like AI agent security, stronger use of identity data models, and just-in-time access controls. As the landscape becomes increasingly complex, organizations must advance to maintain their position.
What sets these leaders apart is the way they are embracing advanced capabilities. According to the report, mature organizations are adopting AI-enabled identity controls at four times the rate of peers, using tools such as identity threat detection and response (ITDR), adaptive authentication, and governance for AI agents and bots. They are also 4-8 times more likely to deploy automated identity data synchronization, unifying fragmented identity data and lifecycle workflows, enabling measurable productivity gains across the enterprise.
For companies that are leapfrogging, the path forward is clear—and customer stories bring it to life. Wipro is evolving beyond enterprise-wide adoption to advanced automation and AI-driven capabilities, utilizing identity as a foundation to drive transformation. Specsavers has automated large volumes of manual tasks, strengthening its security posture while improving operational efficiency and enforcing least-privilege access. Other organizations show that by tackling deployment best practices first, they scale faster and unlock measurable productivity gains across the enterprise.
Reaching advanced identity security (i.e., moving from Horizon 3 to 4) requires more than basic automation. The organizations that succeed focus on data cleanup before migration, making them 1.6 times more likely to scale effectively. They also standardize app onboarding, apply automated lifecycle workflows, strengthen identity data synchronization, and unify fragmented identity data. These deployment best practices clear the path for advanced capabilities, such as ITDR, adaptive authentication, and AI-agent governance.
The payoff for those that advance to more mature Horizons is undeniable—and perhaps the starkest divide is strategic focus. According to the report, identity delivers the highest ROI of any security investment, consistently outpacing endpoint, network, and compliance tools. Enterprises that treat identity as a strategic enabler report typical ROI multiples of up to 10 times, reducing risk, driving revenue, and enabling AI safely.
“We are firmly focused on taking Wipro beyond enterprise-wide adoption of effective identity capabilities to advanced capabilities using automation and AI,” said Satvinder Madhok, Vice President, Business Integrated Technology Solutions, Wipro.
To explore the full findings and see where your organization stands, download the Horizons of Identity Security 2025–2026 report: www.sailpoint.com/horizons
The Horizons of Identity Security 2025-2026 report is based on a survey conducted in June 2025 of 375 IAM decision-makers across the Americas, Europe, and Asia. Respondents included senior leaders from IT, cybersecurity, and risk management. More than half are employed at organizations with 10,000 or more employees, and the majority are from the finance, technology, and healthcare sectors. Using their responses, SailPoint grouped organizations into five horizons of identity maturity based on strategy, technology, operating model, and talent. Horizons 4 and 5 were updated this year with new capability thresholds, including AI agent lifecycle governance and multi-cloud entitlement management, reflecting the rapidly rising bar for maturity in today’s landscape.
Unless otherwise indicated, all data points in this press release relate to the findings of this survey.
