TL;DR: Only 14% of companies say they have the talent and resources they need to meet security goals in 2025, according to Imprivata, as teams absorb more cloud complexity, burnout, and response pressure while trying to scale protection. The real shift is toward automation, managed services, and IAM controls that reduce operational load without weakening access governance.
NHIMG editorial — based on content published by Imprivata: Rethinking the Cybersecurity Skills Gap with Automation, Identity, and Managed Services
By the numbers:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
Questions worth separating out
Q: How should security teams reduce identity workload without weakening access governance?
A: Prioritise repetitive work such as password resets, account provisioning, and routine access checks for automation, but keep approval, logging, and exception handling visible.
Q: When do managed security services help identity teams most?
A: Managed services help most when the internal team lacks 24x7 coverage but still retains policy authority and accountability.
Q: What do teams get wrong about passwordless authentication in IAM?
A: They often treat passwordless as a support shortcut rather than a governance change.
Practitioner guidance
- Automate repetitive identity tasks first: Target password resets, access fulfilment, and routine account maintenance before expanding into higher-risk workflows.
- Define clear ownership for managed services: Write down which access decisions, escalation paths, and audit findings remain owned by the internal team even when a provider handles monitoring or administration.
- Use passwordless to reduce service desk load: Roll out phishing-resistant authentication where device assurance and recovery processes are already stable, then track whether reset volume and login friction actually decline.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- How the vendor frames managed services as a practical way to extend security coverage without adding headcount
- The specific IAM tasks that automation can absorb, including password resets and secure access workflows
- Why passwordless authentication is positioned as a way to lower support burden while improving user experience
- The broader business argument for blending identity tooling with external operational support