Experts Urge Shift Toward ROI-Focused Cyber Spending as IAM Gaps Introduce Security Risk and Inefficiencies

As economic pressure tightens and IT talent remains in short supply, organisations are allocating cybersecurity budgets with a sharpened lens toward driving efficiency and ROI. A recent IANS Research report found that cybersecurity budgets increased only 4% in 2025, down from 8% the year prior. And while the demand to prove ROI from tech investments is rising, 61% of CIOs said it's very challenging to do so, according to Lenovo.

This financial shift is forcing organisations to scrutinise every line item as they navigate economic uncertainty, with many prioritising solutions known to drive efficiency, like AI and automation. But experts caution against overlooking foundational security layers, particularly Identity and Access Management (IAM). As IAM systems grow more complex and cyber threats grow more sophisticated, poorly integrated access controls can slow workflows and prompt risky workarounds like password and credential sharing. These actions can introduce new vulnerabilities and undermine the effectiveness of broader cybersecurity and IT investments.

“Security is non-negotiable, but such systems can backfire if they inhibit usability and efficient workflows,” said Imprivata CEO Fran Rosch in a Forbes Tech Council article. “Users will often try to circumvent security tools that feel like obstacles to the work they need to do, which is why the most effective cybersecurity strategies are not just about enforcement but enablement.”

At the same time, more organisations are viewing IAM as a key driver of both efficiency and security. With hybrid workforces and expanding cloud environments, strategies that are secure and efficient by design are becoming essential. Experts point to IAM frameworks built on principles of zero trust and continuous authentication as key to balancing usability with protection.

“Inefficiency is the new threat vector. Every login delay, friction point or manual workaround is a potential opening for attackers,” said Rosch in a Forbes Tech Council article. “That’s why identity and access management (IAM) frameworks—when designed for both security and usability—are becoming foundational to modern cyber resilience.”

When thoughtfully implemented, IAM can reduce friction, improve productivity, identify threats and inefficiencies, ultimately strengthening the organisation’s overall security posture and driving ROI.

As economic and staffing challenges persist, security leaders are being urged to treat IAM as a strategic enabler, critical for cybersecurity, maintaining workforce efficiency, and long-term resilience.

Get more insight on this topic in this Forbes Tech Council article.

Learn how to drive workforce productivity, improve security, and optimise limited resources with Imprivata’s ROI assessment tool.