The identity imperative: Why 90% of BFSI leaders say it’s critical
Ammar Faheem
Identity management is more critical than ever. Rising cyber threats, growing customer expectations for seamless digital experiences, and tightening regulatory requirements have made secure, frictionless identity management more than a nice-to-have; they have made it a strategic, security, and regulatory imperative.
Leaders from the banking, financial services, and insurance (BFSI) sector have realized this. In fact, 90% of respondents to the recent BFSI Insights survey conducted by ESG and Thales, Identity and Access in Banking, Financial Services, and Insurance: The Change Imperative, consider identity critical to high-priority initiatives. So, what’s driving this shift? And what’s holding organizations back?
Identity: The first line of defense
Aside from granting access, security is the first and most important function of an identity and access management (IAM) solution. And for good reason: valid account credentials were used in 30% of cyberattacks. Similarly, stolen credentials were the top attack vector in 2024, contributing to 32% of breaches.
Fortunately, BFSI leaders are taking action. In the ESG and Thales study, 90% of respondents said identity is critical to their high-priority security initiatives.
A strategic priority – not just a technical one
Traditionally, business leaders saw IAM as a backend IT function, a necessary, if not particularly exciting or innovative, reality. However, this perspective has shifted, with 80% of leaders saying they view workforce IAM as a strategic asset.
BFSI decision-makers view customer identity and access management (CIAM) even more ambitiously, with 42% describing it as a profit center that directly contributes to customer engagement, retention, and acquisition.
This reflects broader digital trends. Cloud-first strategies inherently introduce more applications and data sources, making identity a gatekeeper not only to access, but also to experience and trust.
Fragmentation and legacy barriers
Although business leaders recognize identity’s importance, it remains fragmented across the BFSI ecosystem. The average organization juggles nearly four different identity vendors for both workforce and customer identity needs, with only 2% having standardized workforce IAM and just 4% having CIAM.
Fragmentation breeds complexity, and legacy systems compound it. According to ESG, 75% of respondents say outdated identity technologies are impeding innovation, while 80% report that integrating identity with broader tools is a major pain point.
The consequences are significant. Legacy, poorly integrated IAM tools delay new service rollouts, hinder M&A agility, and stall Zero Trust initiatives. Perhaps worst of all, they frustrate both employees and customers, eroding productivity and satisfaction.
As a result, nearly 9 in 10 BFSI leaders want to rationalize their identity stacks, and half say it’s an urgent need.
The workforce identity challenge
Modern workforces are changing – and so are their identity needs. 91% of BFSI firms say the number of apps and data sources employees need to access will increase over the next year, and identity sprawl is following suit.
As a result, 93% of organizations are prioritizing workforce IAM modernization, driven by a need for operational efficiency, improved employee productivity, and digital transformation enablement.
And they’re optimistic about the results: 90% expect modernization to improve IGA efficiency, enhance cloud adoption, boost security framework implementation, and boost productivity.
Third-party identity: A new risk frontier
It’s not just employee identities that are growing – third parties are growing even faster. 4% of organizations report that contractor and partner access is expanding more rapidly than internal access, and 88% expect third-party identity requirements to keep increasing.
With growth comes risk. 58% say third-party access is a critical or high-security risk, and 89% classify it as at least moderate. The 2025 Verizon DBIR supports this concern, showing that third-party breaches have doubled year over year and now account for nearly 30% of all breaches.
This has prompted action: 89% are actively modernizing third-party identity capabilities—not just to shore up security and compliance but to enable better collaboration and agility.
CIAM: The growth engine
Customer identities are also growing at an astonishing rate; the study predicts 73.7% growth over the next 12 months. This scale brings complexity: 70% of respondents say reducing CIAM complexity is a top challenge, while 98% report at least one area of problematic manual work in their CIAM operations.
The outlook is, at least, positive. 87% of BFSI firms investing in CIAM modernization expect to see improvements in customer acquisition, and 84% expect gains in customer retention. With CIAM budgets set to grow by 11.4%, many organizations will realize those benefits.
Education still lags
However, it’s not all good news. While IT and cybersecurity teams overwhelmingly recognize identity’s strategic value, many line-of-business (LOB) leaders don’t. Nearly 4 in 5 respondents say LOB leaders need better internal education to elevate the importance of identity within the business.
This knowledge gap matters. Identity cannot be treated as a siloed concern. Its impact spans security, operations, compliance, and customer engagement. Bridging the knowledge divide is crucial to achieving buy-in for modernizations and leveraging identity investments to their full effect.
IAM: Bridging strategy and execution
Identity is no longer just an IT concern; it’s a business-critical function. As BFSI organizations race to modernize, awareness is not an issue, but execution is. Success hinges on unifying fragmented systems, modernizing legacy tools, and educating the wider business.
Only then can identity fulfill its potential: a foundation for security, a catalyst for innovation, and a driver of customer trust and business growth.
About the author:
Ammar is a digital transformation leader specializing in Product Marketing with a focus on B2C Customer Identity and Access Management (CIAM) within the Identity and Access Management (IAM) sector at Thales. He is a recognized thought leader in digital banking and payments, sharing insights at various international conferences and authoring articles for industry publications. When not implementing strong customer authentication and fraud prevention strategies, Ammar enjoys a nice game of cricket!