3 days ago
IAM Maturity Lagging Across Most Organizations, GuidePoint Security Finds
HERNDON, Va.--(BUSINESS WIRE)--A new report released today by GuidePoint Security, in partnership with the Ponemon Institute, found that most organizations are falling short in their Identity and Access Management (IAM) strategy—leaving them vulnerable to identity-based threats.
These findings should serve as a call to action—identity is a primary attack vector and needs to be prioritized.
Although 75% of cyberattacks leveraged identity-based threats last year, GuidePoint Security's State of Identity and Access Management (IAM) Maturity Report has unveiled that IAM remains under-prioritized compared to other IT security investments, with most organizations still in the early to mid-stages of IAM maturity. Only half of respondents rate their IAM tools as effective, and even fewer (44%) express high confidence in their ability to prevent identity-based incidents.
'These findings should serve as a call to action—identity is a primary attack vector and needs to be prioritized,' said Kevin Converse, Vice President, Identity and Access Management at GuidePoint Security. 'Many organizations still rely on manual processes and outdated approaches, limiting their ability to manage risk. Achieving IAM maturity means understanding that IAM is more than just an IT function—it's a cornerstone of a robust and proactive security strategy.'
The report also highlights significant gaps in IAM technology, expertise and resources—factors that are stalling programmatic maturity and making it more difficult for organizations to secure identities across today's complex environments.
Key findings from The State of Identity and Access Management (IAM) Maturity Report include:
IAM is underfunded and underdeveloped. Only 50% of respondents believe their IAM tools and investments are effective. Investments in IAM trail behind other security priorities.
Manual processes and expertise gaps are barriers to maturity. A lack of appropriate technologies (54%), in-house expertise (52%) and resources (45%) are cited as top challenges to achieving IAM maturity. Many organizations still rely on spreadsheets, scripts and other manual efforts.
IAM maturity is a path to enhanced security. A small group (23%) of organizations that have invested in automation and advanced IAM technologies report fewer security incidents and stronger identity controls. They lead in adopting biometric authentication, identity threat detection and integrated governance platforms.
IAM implementation is misaligned with security goals. Surprisingly, 45% of respondents say the primary driver for IAM investments is to improve user experience—not security.
There is a disconnect in program perception and reality. While most organizations report having policies in place or in development (83%), only 28% have these policies integrated into their IAM platforms.
'IAM touches every application, user and device across the network,' Converse added. 'By treating it as a strategic priority—and investing accordingly—organizations can confidently embrace emerging technologies like AI, minimize risk and accelerate business growth.'
The State of Identity and Access Management Maturity Report is based on responses from a comprehensive survey of 625 U.S.-based IT and IT security professionals involved in their organizations' identity and access management program.
For more information:
About GuidePoint Security
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint's unmatched expertise has enabled 40% of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at
