Notifications
Clear all
Topic starter
25/06/2026 10:45 pm
TL;DR: As cybersecurity budgets rose only 4% in 2025 and 61% of CIOs say proving ROI is very challenging, organisations are tightening spending while still prioritising AI and automation, according to IANS Research and Lenovo. The catch is that poorly integrated IAM can drive password sharing, workarounds, and workflow delays, turning inefficiency into a security risk rather than a productivity issue.
NHIMG editorial — based on content published by Imprivata: Experts urge shift toward ROI-focused cyber spending as IAM gaps introduce security risk and inefficiencies
By the numbers:
- cybersecurity budgets increased only 4% in 2025, down from 8% the year prior.
Questions worth separating out
Q: How should security teams reduce IAM friction without weakening control?
A: Start by identifying the access paths that users bypass most often, then redesign those steps so they fit the actual workflow.
Q: Why does IAM usability now matter to security leaders?
A: Because bad access design produces security losses as well as productivity losses.
Q: How can organisations tell whether IAM is improving ROI?
A: Look for fewer help desk tickets, fewer exception requests, shorter access delays, and lower rates of informal workarounds.
Practitioner guidance
- Map identity friction points to bypass behaviour Identify the access steps that most often trigger password sharing, repeated logins, or informal exceptions.
- Quantify IAM value in operational terms Track login delays, help desk tickets, exception approvals, and the time saved by reducing manual access handling.
- Tune continuous verification to session risk Apply stronger verification only when context changes or risk increases, rather than forcing the same interaction pattern everywhere.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Examples of how access friction creates productivity loss in day-to-day clinical or enterprise workflows
- The vendor's ROI framing for balancing security enforcement with usability and efficiency
- Discussion points from the Forbes Tech Council article that expand on workflow redesign and end-user enablement
- The specific ROI assessment tool the vendor points readers toward for evaluating workforce productivity
👉 Read Imprivata's analysis of ROI-focused IAM spending and access friction →
IAM friction and ROI pressure: what security teams are missing?
Explore further
25/06/2026 11:25 pm
Access friction is now a governance risk, not just a user-experience issue. The article is right to treat inefficient identity controls as a security problem because people respond predictably to barriers by sharing credentials or bypassing process. That means the control failure is behavioural as much as technical, and the programme must be judged by whether it changes real access behaviour. The practitioner conclusion is simple: if an identity control invites routine circumvention, it is already losing value.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who should own the business case for modern IAM?
A: Ownership should sit with identity and security leaders together, because the business case spans risk reduction, user efficiency, and operational support costs. Finance will want the productivity story, while security will need the control story. A credible IAM case proves both with evidence from real access behaviour.
👉 Read our full editorial: ROI-focused IAM spending exposes the cost of access friction
