ISG Provider Lens™ Cybersecurity – Solutions and Services - Identity and Access Management - U.S. 2025
The evolving complexity of cyberthreats in the U.S. demands adaptive resilience and AI-centric security
Current state of the U.S. cybersecurity threat landscape
The cybersecurity threat landscape in the U.S. remains highly dynamic, presenting continuous challenges for organizations. Analysis of recent incidents by industry and public sector organizations reveals ongoing evolution in adversary tactics and a concerning increase in the scale and impact of attacks.
Recent data breaches and their impact: The frequency and impact of data breaches affecting U.S. enterprises and service providers have shown a concerning upward trend throughout 2024. The ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, significantly impacted the healthcare industry in February 2024. This incident disrupted medical claims processing nationwide and exposed the sensitive data of over 100 million individuals, leading to an estimated financial impact exceeding $3 billion for UnitedHealth Group. The financial services industry also remains a frequent target, with institutions facing persistent threats aimed at disrupting operations and exfiltrating sensitive financial data. Furthermore, the breach of the cloud data platform Snowflake in May 2024 demonstrated the expanding attack surface in cloud environments, affecting over 100 of its customers, including major corporations such as AT&T and Ticketmaster. These high-profile incidents serve as reminders of the persistent challenges in preventing sophisticated intrusions and the substantial financial, operational and reputational consequences they impose.
The rise of ransomware and extortion tactics: Ransomware continues to be a dominant threat in the U.S. cybersecurity landscape, with increased frequency and sophistication of attacks in 2024. The average ransom demand in the year’s first half surged to more than $5.2 million, highlighting the significant financial stakes involved. Double extortion tactics, involving both data encryption and exfiltration, are now commonplace, increasing the pressure on organizations to pay demands. Industry analysis highlights numerous ransomware attacks targeting critical infrastructure and various sectors, emphasizing the need for proactive prevention and robust recovery strategies to ensure business resilience.
Increase in AI-related attacks: Threat actors are rapidly adopting and adapting AI technologies, including generative AI (GenAI), to enhance the effectiveness and scale of their malicious activities. This includes automating spear phishing campaigns, generating convincing deepfakes for social engineering and accelerating the identification of software vulnerabilities. AI-enhanced malware attacks have emerged as a primary concern for IT professionals, with a significant percentage identifying them as the most concerning AI-generated threat. This rapid access to cutting-edge technologies allows adversaries to reduce the time required to exploit vulnerabilities, compromise data and build ransomware, creating a significant challenge for defenders.
Trending cybersecurity capabilities in the U.S. market
In response to the evolving threat landscape and increasing regulatory pressures, several cybersecurity services and solutions are gaining significant traction within the U.S. market, with a growing emphasis on enhancing organizational resilience. This shift reflects an urgent need for advanced technologies and strategies to safeguard critical assets and adapt to dynamic security requirements.
● AI for cybersecurity and cybersecurity for AI: The U.S. market is witnessing a significant focus on both leveraging AI to enhance cybersecurity capabilities and addressing the unique security challenges posed by AI systems themselves. AI-powered systems can process massive amounts of data in real time, identifying anomalies and vulnerabilities that would be hard to detect manually, thereby enhancing threat detection and response. Simultaneously, there is a growing awareness of the need for Cybersecurity for AI to protect AI models, training data and AI-powered applications from adversarial attacks and vulnerabilities. The awareness encompasses addressing data poisoning, evasion attacks and interruption of service attacks targeting AI systems. Industry frameworks and guidelines, such as the NIST AI Risk Management Framework, are being developed to help organizations manage the risks associated with AI and ensure its secure development and deployment. This dual focus on AI as both a security enabler and a potential target is crucial for building a resilient digital ecosystem.
● Continuous Threat Exposure Management (CTEM): The CTEM framework emphasizes continuously identifying, assessing and mitigating risks posed by cyberthreats across an organization’s entire attack surface. Unlike traditional periodic assessments, CTEM embeds real-time monitoring and adaptive cyber risk management into daily operations, allowing organizations to strengthen their security posture and stay ahead of potential breaches. Industry experts anticipate that organizations prioritizing CTEM will be significantly less likely to experience successful cyberattacks, highlighting its importance in forward-thinking security strategies.
● Zero trust architecture: The adoption of zero trust security principles is gaining significant momentum across U.S. enterprises as organizations strive to secure their increasingly porous network perimeters. Implementing zero trust often involves key components such as identity and access management (IAM), which is rated as highly important for cloud strategies. Microsegmentation, which isolates every asset to limit lateral movement, is also recognized as crucial for accelerating zero trust initiatives.
● Analytics and automation: Organizations are increasingly turning to advanced analytics and automation technologies to enhance the efficiency and effectiveness of their security operations. These solutions help streamline detection-to-response workflows by connecting various security tools, automating repetitive tasks and codifying incident response processes through playbooks. The evolution of these capabilities has moved toward AI-driven solutions that can interpret data, identify patterns and make real-time recommendations. Key use cases include automated phishing response, ransomware containment, insider threat detection and vulnerability management.
● Cloud security solutions: As hybrid and multicloud environments become the norm, the need for comprehensive and integrated cloud security solutions will only continue to grow. This has increased demand for Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP). These platforms provide crucial capabilities such as preventing misconfigurations, enforcing security best practices and offering runtime protection for cloud workloads. The trend toward DevSecOps is further deepening the integration of CWPP and CSPM into the CI/CD pipeline, enabling automated security and compliance checks throughout the application development lifecycle.
● Managed Detection and Response (MDR): The ability of MDR services to act as an outsourced security operations center (SOC), providing scalable and cost-effective advanced protection, is a key driver for their widespread adoption and contribution to cyber resilience. Unlike basic monitoring tools, MDR combines 24/7 monitoring, advanced threat detection leveraging AI and threat intelligence, and rapid incident response capabilities. MDR providers offer proactive threat hunting, actively searching for hidden risks before they escalate into major incidents.
U.S. cybersecurity regulatory and compliance environment
The cybersecurity regulatory landscape in the U.S. continues to evolve, increasing demands on organizations to ensure compliance and build resilience.
● Emerging regulatory trends and proposed legislation: The regulatory landscape is becoming dynamic, with new rules and proposed legislation indicating a growing emphasis on cybersecurity and resilience. New rules on cybersecurity incident disclosure for publicly traded companies underscore the increasing focus on transparency and accountability. Ongoing discussions around potential federal data privacy law could further reshape the regulatory environment. There is increasing regulatory attention on the cybersecurity of critical infrastructure industries, reflecting the need for enhanced resilience against sophisticated threats. The trend of states enacting their own data privacy laws is also continuing, with several new laws taking effect in 2025 in states such as Iowa, Delaware, Nebraska, New Hampshire and New Jersey, adding to the complexity of the compliance landscape.
● Industry-specific regulations and guidelines: Certain industries in the U.S. operate under specific cybersecurity regulations tailored to their unique risks and the criticality of their operations. The financial services industry, for example, is subject to regulations from bodies such as FINRA and the New York Department of Financial Services (NYDFS), emphasizing cyber resilience. The healthcare industry must adhere to HIPAA, and the energy industry faces guidelines from the Department of Energy. These industry-specific regulations highlight the need for tailored security solutions and expertise to ensure resilience within these critical areas.
Key enterprise cybersecurity challenges in the U.S.
U.S. enterprises face a complex and evolving set of cybersecurity challenges that impact their ability to maintain operational and business resilience.
● The evolving threat landscape: The increasing sophistication and volume of cyberthreats continue to challenge enterprises’ resilience. Threat actors constantly develop new techniques, including AI-powered methods, and exploit emerging vulnerabilities, demanding a proactive and adaptive security posture.
● Supply chain vulnerabilities: The increasing reliance on complex supply chains introduces vulnerabilities that attackers can exploit, impacting the resilience of enterprises. Industry reports indicate that supply chain challenges are a leading barrier to achieving cyber resilience for many organizations, often due to a lack of visibility and oversight into supplier security levels. Ensuring the security of the entire supply chain, including device integrity, secure development lifecycles and real-time monitoring of third-party vulnerabilities, is essential for maintaining a resilient security posture.
● Convergence of IT and OT security gaps: The convergence of IT and OT environments introduces unique security challenges, as OT systems often have different security requirements and vulnerabilities than traditional IT systems. Addressing these specific security gaps is crucial for ensuring the resilience of critical infrastructure and industrial operations.
● Talent shortage and skills gap: The persistent shortage of skilled cybersecurity professionals remains a significant impediment to building resilient security teams within U.S. enterprises. Talent shortage impacts an organization’s ability to effectively implement and manage security controls, respond to incidents and maintain a proactive security posture necessary for resilience.
● Complexity of security environments: The increasing complexity of modern IT environments, encompassing on-premises, cloud, mobile and IoT/OT systems, poses a significant challenge to maintaining a unified and resilient security posture. Integrating disparate security tools and achieving comprehensive visibility across these environments are critical for effective threat detection and response, which are essential for resilience.
Addressing enterprise challenges: The role of cybersecurity service providers
Cybersecurity service providers are essential partners for U.S. enterprises in addressing the multifaceted challenges they face and enhancing their overall business resilience.
● Strategic risk assessment and digital investment protection: Cybersecurity service providers are moving beyond traditional security assessments to offer strategic risk assessment services that align with an enterprise’s broad business objectives and digital transformation initiatives. They help organizations quantify cyber risks in business terms, translating technical vulnerabilities into potential impacts on revenue, operational continuity and brand reputation. This includes aligning security postures with industry-specific contexts and understanding unique industry trends, compliance requirements and industry-specific threats. Service providers are instrumental in demonstrating the ROI from protecting digital transformation investments and critical assets. For instance, they can help track KPIs such as reduced unscheduled downtime, improved customer trust scores and quick threat remediation times, directly linking cybersecurity investments to business outcomes and managing overall business risk. This strategic partnership ensures that security is not just a cost center but a driver of innovation and business growth.
● Navigating complex regulatory and AI governance landscapes: The increasingly complex and demanding regulatory landscape, particularly with the rising complexities from AI and GenAI deployments, can be a significant burden for enterprises. Cybersecurity service providers possess specialized knowledge of various regulations and compliance frameworks, such as HIPAA, PCI DSS and state privacy laws, while ensuring adherence. With the rapid adoption of AI, service providers are crucial in helping organizations establish robust AI governance frameworks, manage AI-related risks (such as data poisoning and model manipulation) and ensure compliance with emerging AI-specific regulations and guidelines such as the NIST AI Risk Management Framework. Such expertise is particularly valuable for organizations operating in highly regulated industries and those heavily investing in AI.
● Providing effective and consolidated security solutions: Beyond cost-effectiveness, there is an increasing focus among service providers on helping clients reduce tool sprawl and consolidate their security operations platforms. This consolidation leads to cost savings and improved operational efficiency as disparate tools are integrated into a more unified and manageable security ecosystem. Service providers are relying on shared infrastructure and expertise across multiple clients to deliver enterprise-grade security services, contributing to a resilient and manageable security posture.
● Augmenting internal security teams and talent development: Next-generation SOC and MDR providers effectively augment internal security teams, offering 24/7 monitoring, advanced threat detection and incident response capabilities, enhancing enterprises’ ability to respond to and recover from incidents, thus improving resilience. Service providers also contribute to talent development by offering specialized training and upskilling programs, helping to bridge the industry’s skills gap.
The evolving landscape of Technical Security Services (2025)
Technical Security Services in 2025 will be characterized by a significant increase in the adoption of analytics- and automation-driven security implementations to enhance resilience. These technologies will streamline the deployment, configuration and management of security tools, improving efficiency and enabling rapid detection and response capabilities. ISG expects service providers to:
● Emphasize the integration and interoperability of security tools to provide a unified and resilient security ecosystem.
● Incorporate proactive threat hunting and continuous vulnerability management as central components of technical security service offerings, focusing on identifying and mitigating weaknesses before they can be exploited.
● Specialize in securing emerging technologies, such as IoT and OT environments, to meet the high demand for building resilient security controls in these complex areas as organizations expand their digital footprint.
● Extend their focus to CTEM, where technical services continuously identify, assess and mitigate risks across the attack surface, transitioning from periodic assessments to proactive, real-time risk management.
The evolving landscape of Strategic Security Services (2025)
In 2025, Strategic Security Services will be increasingly focused on enhancing business resilience in the face of evolving cyberthreats and accelerating digital transformation initiatives, particularly those involving AI. ISG anticipates a strong emphasis on:
● Integrating cybersecurity into the overall business strategy, with a focus on comprehensive cyber risk management and governance frameworks.
● Providing proactive, threat-informed advisory services, leveraging real-time intelligence to guide organizations in building resilient security strategies aligned with their specific risk profiles.
● Integrating security into digital transformation initiatives, especially those involving AI, ensuring that resilience is built into new technologies and business models from the outset.
● Prioritizing business resilience and continuity planning as core components of strategic security services, helping organizations develop robust plans to respond to and recover from cyber incidents, ensuring minimal disruption to business operations.
The evolving landscape of Next-Generation SOC/MDR services (2025)
Next-generation SOC/MDR offerings in 2025 will be defined by significant advancements in threat intelligence, analytics and automation to enhance organizational resilience. These services will leverage enhanced threat intelligence, incorporating AI and ML for accurate and rapid threat detection and response. ISG anticipates traction with the following:
● Proactive threat hunting becoming a standard feature, with SOC analysts actively seeking out hidden threats using advanced techniques.
● Integrating deeper business context into SOC/MDR operations to enable the prioritization of threats based on their potential impact on critical assets and business operations, thereby supporting business resilience.
● Implementing automation and orchestration, powered by advanced analytics platforms, as essential components for rapid incident response, enabling quick containment and remediation of security incidents while minimizing disruption to business continuity.
● Shifting from reactive alert processing to assuming proactive security responsibility by leveraging AI to augment human analyst capabilities and improve overall security posture.
Future outlook for 2025
The U.S. cybersecurity market continues to present significant and evolving challenges for enterprises and service providers, demanding a strong focus on building resilience. The growing adoption of advanced solutions such as cloud security, MDR, zero trust, analytics and automation, AI for cybersecurity, and CTEM reflects a mature understanding of these challenges and a strategic shift toward enhancing cyber and business resilience.
In 2025, the emphasis on digital transformation, particularly AI initiatives, will further shape the cybersecurity landscape. To navigate this evolving landscape effectively, U.S. enterprises must prioritize building a resilient security posture that integrates people, processes and technology. Boards and executives should recognize AI-related risk, governance and compliance as cybersecurity imperatives and invest strategically in security to safeguard their AI and broad digital investments. Leveraging the expertise of cybersecurity service providers will be crucial for augmenting internal teams, accessing specialized skills and ensuring compliance.
Continuous learning, adaptation and a proactive security mindset focused on resilience will be paramount for mitigating risks and ensuring business continuity amid an ever-changing cyberthreat environment. Service providers must continue to innovate and adapt their offerings to meet the increasingly sophisticated needs of enterprises, delivering cutting-edge solutions and expertise to help them build and maintain resilience against sophisticated threats.
Access to the full report requires a subscription to ISG Research. Please contact us for subscription inquiries.