AI, interest rates and fraud risks set up next potential digital identity M&A spree

Trends in the broader financial market and the policy arena are intersecting with trends in digital identity and cybersecurity in a way that could drive an increase in consolidation, but also lead to an uptick in initial public offerings in the industry.

Liminal’s Filip Verley identified half a dozen trends in digital identity, and three more in cybersecurity, during a webinar on “Identity Market & Policy Trends 2026.”

Agentic AI is “redefining the identity frontier” away from human-centricity towards a more dynamic system that identifies both people and non-human identities. Determining whether an identity belongs to a bot or not is not sufficient in such a system.

This means governance, attribution and consent frameworks have to extend beyond humans,” Verley says. Threats from deepfakes and synthetic data are making biometric liveness detection and authenticity checks foundational.

But the gap between awareness and preparedness is the largest Liminal has ever analyzed, according to Verley.

“Perpetual KYC” with ongoing risk profile monitoring is another trend, and has already been adopted by 28 percent of financial institutions. Within two years, that number is expected to reach 43 percent.

How many will want to pay for such a capability, and how many will want to know that they have more customers they should take enforcement action against, however, remains to be seen.

Liminal also sees fraud prevention and authentication as converging within a single risk engine. Teams that have previously been more siloed are working together across fraud prevention, AML and cybersecurity.

The concept overlaps with perpetual KYC by bringing continuous data to a previously static, momentary process.

While these trends increase the demands on service providers, those service providers are showing they are willing to accept some limited amount of fraud as a trade-off to preserve good user experience, Verley says.

Almost 9 out of 10 (88 percent) have eased their fraud defenses for account recovery or checkout in order to reduce churn.

Adaptive authentication is one way to avoid damaging UX while maintaining robust fraud protection.

Determining ultimate beneficial ownership remains a challenge for many companies. Shell companies difficult to detect for 71 percent of large institutions, and 82 percent of smaller ones.

In cybersecurity, identity-first is taking over. Ninety-nine percent of businesses consider identity verification as a critical component of cyber platforms, and the perimeter has shifted from the network to identity.

AI agents are being used by organizations to orchestrate incident responses, triage alerts and mitigate threats.

Agents will carry automate as much as 40 percent of Tier-1 SOC workloads by 2026, according to Liminal’s forecast.

With so much AI in the mix, detection models for deepfakes and synthetic data, malware and AI-generated exploits will have to evolve.

Conditions for M&A, IPOs improve

Bryant Williams of Piper Sandler, which was involved in a number of notable transactions, including the Behaviosec acquisition by LexisNexis, discussed the market for mergers and acquisitions.

AI and lower interest rates make for a strong valuations of companies involved in cybersecurity and identity, even as growth remains challenging, he says.

The ongoing trend towards “platformization” may driver further M&A within the digital identity space.

AI’s impact on product development could also change the balance between buying new technology or building it in-house, Williams observes.

In the meantime, higher margins for software companies are pushing multiples up to near pandemic-level, at 9.7, compared to 11.2 times during lockdowns.

There have been only five IPOs in the space since the pandemic, but Williams argues that if the IPO market picks up, demand for higher-growth assets will rise, supporting high multiples.

Williams shared multiple charts illustrating the premium that the security sector gets in valuations.

Ultimately, “the street continues to love security,” he says. “It has deserved the premium. It’s growing faster.”

Venture capital investors are spending roughly the same amount as they have over the past several years, but the number of deals is creeping downwards.

For smaller companies with growth above 30 percent, the time for an IPO may be approaching. Without strong growth, they may find themselves under pressure to make a change.

Government involvement, if not direction

Jeremy Grant of Venable LLP presented the government’s role in digital identity and cybersecurity. A lot of his talk focussed or related back to the lack of a coordinated vision for digital identity across the U.S. government. That lack of coordinated vision is not just between different administrations, but the current one as well, Grant notes.  He contrasted the conflicting views presented in the June executive order that stripped the guidance to federal bodies and states to work towards remote ID verification with views presented since by GSA officials on how Login.gov will work and the White House itself on making digital ID work in health. The latest development on this path is the working paper on crypto, which reverses course from the June EO on Treasury working with NIST to work on mDLs.

In the past, challenges have been addressed with one-off systems, rather than common digital identity infrastructure.

What results is a fragmented landscape of different processes to get different credentials that can only be used for a limited number of interactions.

The Treasury Department is currently gathering input on digital identity verification, Grant notes.

And federal organizations, from NIST to SSA, have continued to work on digital ID to combat identity fraud.

For 2026, Grant expects most federal government action on ID will be around financial services.

Article Topics

acquisitions  |  adaptive authentication  |  biometrics  |  cybersecurity  |  digital identity  |  identity verification  |  Jeremy Grant  |  Liminal