Despite Macro, Identity & Access Management Remains Resilient

The TD Cowen Insight

We view the highly fragmented identity and access management (IAM) market within the broader security arena as one of the most mission-critical categories.

It represents a TAM of $30B by 2026 and is growing at a CAGR of 15% in the coming four years. We see multiple tailwinds supporting this level of growth, offering stability and revenue predictability even in the face of a moderating economy.

Identity and Access Management is Critical for Cybersecurity

We view the IAM category as one of the most mission-critical categories within the broader cybersecurity arena. It is a framework of policies and technologies to ensure that the right people (internal and external stakeholders of an organization) can be securely connected to the right technologies and services at the right time.

The resources IAM provides IT admins with include software tools required to complete a job when working remotely, access a database with mission-critical data, or services and applications hosted in the cloud. The IAM market is typically composed of four major sub-categories: Customer IAM (CIAM), Workforce Identity, Identity Governance and Administration (IGA), and Privilege Account Management (PAM).

Several Factors Support Continued IAM Growth

Major trends such as digital transformation, mobility, hybrid/remote work, growth in compliance and regulation, and product and vendor consolidation should sustain a healthy industry CAGR of 15% by 2026, growing to a TAM of $30B. Despite recent macro-related cracks underlining the recent reporting season by security companies, our survey finds IAM to be among the more recession-resilient IT security spending categories.

Deep Dive Into the IAM Market

IAM is complex for Chief Information Security Officers (CISOs) and investors alike. In this report, we dive into the four tool categories comprising the IAM market collectively. We also share recent survey data with empirical evidence to support our long-term favorable view. In addition, we have examined almost every IAM-related M&A transaction from Mar ’21 to Oct ’22 to further augment our ‘market consolidation implications’ view.

The Importance of Digital Identity Controls

It is mission critical to set up and maintain digital identity controls within the IT environment. That coupled with ever-tightening compliance and regulatory requirements aimed at protecting sensitive data of user information should continue to propel the demand for IAM security tools. This is especially true as the number of digital identities to manage increases.

Key Takeaways from CISO Survey

In fact, our field survey found that a staggering 98% of CISOs indicate that deploying IAM enhances the IT security of their organization. 72% of surveyed CISOs said they spent just 1% to 10% of their IT security budget on IAM in 2021. Our survey suggests a notably higher willingness to do so by 2023—with 87% and 13% of respondents saying they would probably allocate between 1% and 30% and between 51% and 90% of their IT security budget toward IAM, respectively.

The survey results strongly support our view that demand for IAM software should continue to grow over the medium term on the back of an ever-increasing number of digital identities that need to be effectively managed.