IAM for digital resilience and strategic acceleration

Identity & Access Management (IAM) keeps proving itself as the operating system of digital resilience and strategic acceleration. It is the engine of digitisation and always asks the same core question: who (or what) has access, to what, and why? And can this be answered confidently?

As we head towards 2026, we have taken some time to reflect on 2025. To wrap up key moments and developments and insights and movements from the past year, and to look forward to the year ahead. What trends in Identity and Access Management do we see? What’s brewing for the next year, and how might our field develop?

Many things happened in 2025: market shifts and consolidation, resiliency conversations and dependency topics moving up on the agenda, new labels like IVIP, and a more mainstream debate focused on IAM & AI, AI agents and non-human identities. In the midst of this all this movement and development, we have seen most IAM teams continue to do what matters most: getting the access fundamentals right to ensure that everyone and everything can continue their work.

We asked some of our experts (see the end of this report for all SonicBee contributors) what stood out to them this year and what they expect for 2026. While emphasis and perspectives differ, they share a common message: IAM needs visibility, control, and trustworthy, high-quality data as foundation in order for governance or automation (or AI) to be able to really benefit an organisation.

This report covers what else they’ve seen, what it means, and what might be worth doing next.

Happy reading, and happy new year!