Cybersecurity skills gap and IAM automation: what teams should change

TL;DR: Security teams are operating with a widening capacity gap, and Imprivata cites recent research showing that only 14% of companies say they have the talent and resources needed to meet their security goals. The practical answer is not simply more headcount, but tighter use of managed services, identity automation, and passwordless access to reduce toil and protect overstretched teams.

NHIMG editorial — based on content published by Imprivata: Rethinking the Cybersecurity Skills Gap with Automation, Identity, and Managed Services

By the numbers:

• Only 5.7% of organisations have full visibility into their service accounts.
• NHIs outnumber human identities by 25x to 50x in modern enterprises.
• 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

Questions worth separating out

Q: How should security teams reduce identity workload when staffing is limited?

A: They should automate repetitive identity tasks first, then delegate bounded operational work to managed services where runbooks and escalation paths are explicit.

Q: Why do passwordless programmes help overstretched security teams?

A: Passwordless programmes reduce password reset volume, lower phishing exposure, and shrink a major source of support burden.

Q: What breaks when identity operations stay manual during a skills shortage?

A: Manual identity operations create slow approvals, inconsistent entitlement handling, and greater reliance on individual availability.

Practitioner guidance

• Map which identity tasks consume scarce analyst time Separate password resets, access fulfilment, monitoring, and exception handling so you can see where staff time is being spent.
• Use managed services for bounded operational coverage Outsource monitoring or alert triage only where runbooks, escalation paths, and evidence requirements are already defined.
• Treat passwordless as an operating-model change Roll out passwordless authentication together with enrolment, recovery, and exception controls.

What's in the full article

Imprivata's full article covers the practical detail this post intentionally leaves at a higher level:

• How managed services can be layered into an existing security operating model without creating ownership gaps
• How passwordless authentication reduces help-desk burden while changing recovery and exception management
• How automation can remove repetitive identity work from queues while preserving logging and approval traceability

👉 Read Imprivata's analysis of automation, identity, and the cybersecurity skills gap →

Cybersecurity skills gap and IAM automation: what teams should change?

Explore further

View Full Forum →  |  NHI Foundation Course →