• United States



GDPR turbocharges identity and access management spending

News Analysis
Dec 08, 20173 mins
ComplianceData and Information SecurityIdentity Management Solutions

IAM market predicted to eclipse $16 billion by 2022

facial recognition - biometric security identification - binary face
Credit: Thinkstock

Cybercrime isn’t the only market driver for cybersecurity products and services.

In a recent interview with BNN — Canada’s only all business and financial news channel — Robert Herjavec, founder and CEO at Herjavec Group, said compliance is driving 50 percent of the cybersecurity market.

The looming GDPR deadline of May 25, 2018 — and the anticipated fines for non-compliance after that date — has spurred identity and access management (IAM) spending, which is expected to grow at a CAGR (compound annual growth rate) of 12-15 percent over the next five years.

Cybersecurity Ventures predicts global spending on IAM products and services will exceed $16 billion USD annually by 2022.

Compliance is your strongest firewall,” says Rob Hegedus, CEO at Sera-Brynn. The way Hegedus sees it, compliance isn’t just a legal requirement; it’s a key ingredient that needs to be baked into every organization’s cybersecurity.

IAM helps companies meet GDPR compliance

A recent CSO story calls IAM a knight in shining armor for IT executives who are losing sleep over the looming GDPR deadline. Why? IAM has most of what’s needed to meet GDPR compliance when dealing with a person’s data.

What is GDPR? Hopefully there’s not a CIO or CISO out there asking. But just in case there is, The European Parliament and the Council of the European Union explains the General Data Protection Regulation for everyone.

Which companies does the GDPR affect? Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.

Roughly two-thirds of U.S. companies believe the GDPR will require them to rethink their strategy in Europe, according to an Ovum report.

Likewise, companies globally doing business in EU need to plan around GDPR.

IAM in of itself doesn’t spell GDPR compliance. But it’s a big piece of the puzzle that organizations will be relying heavily upon leading up to the spring 2018 deadline.

GDPR affecting biometrics market, too

Another market expected to see a boost in spending due to GDPR is biometrics, which ties into IAM. The financial services industry is an early adopter, embracing biometrics to better identify individuals and control privileged user access to data.

If there’s one thing for sure, it’s that GDPR is going to be a pain in the wallet. The question for many organizations is if they’ll be doling out cash for IAM, biometrics and related solutions — or for compliance fines.

Visit to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.