IAM Maturity Lagging Across Most Organizations

May 29, 2025 – Published on VMblog

A new report released by GuidePoint Security found that most organizations are falling short in their Identity and Access Management (IAM) strategy-leaving them vulnerable to identity-based threats.

Although 75% of cyberattacks leveraged identity-based threats last year, GuidePoint Security’s State of Identity and Access Management (IAM) Maturity Report has unveiled that IAM remains under-prioritized compared to other IT security investments, with most organizations still in the early to mid-stages of IAM maturity. Only half of respondents rate their IAM tools as effective, and even fewer (44%) express high confidence in their ability to prevent identity-based incidents.

“These findings should serve as a call to action-identity is a primary attack vector and needs to be prioritized,” said Kevin Converse, Vice President, Identity and Access Management at GuidePoint Security. “Many organizations still rely on manual processes and outdated approaches, limiting their ability to manage risk. Achieving IAM maturity means understanding that IAM is more than just an IT function-it’s a cornerstone of a robust and proactive security strategy.”

The report also highlights significant gaps in IAM technology, expertise and resources-factors that are stalling programmatic maturity and making it more difficult for organizations to secure identities across today’s complex environments.

Read More HERE.