Gartner’s Top 8 Cybersecurity Predictions for the Coming Year
In the realm of cybersecurity and risk management, “major disruption is just one crisis away,” according to Richard Addiscott, Senior Director Analyst specializing in cybersecurity at research firm Gartner. “We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.” Speaking in the opening keynote at the recent Gartner Security & Risk Management Summit in Sydney, Australia, Addiscott emphasized that security and risk leaders must not “fall into old habits and try to treat everything as we did in the past.”
The key: Looking to the future to develop a security and privacy strategy that will enable organizations to thrive even in hostile environments. To inform cybersecurity leaders’ strategic planning, Gartner offered the following predictions for 2022-2023.
1) “Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.” Worldwide, privacy regulations continue to expand, Gartner pointed out. The firm’s recommendation: Organizations should “track subject rights request metrics, including cost per request and timely fulfillment, to identify inefficiencies and justify accelerated automation.”
2) “By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.” Particularly in today’s hybrid work environments, an integrated security service edge (SSE) solution helps provide “consistent and simple web, private access and SaaS application security,” Gartner noted. The firm favors single-vendor for best-of-breed solutions for efficiencies such as “tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.”
3) “Sixty percent of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits.” Zero trust, the security model in which endpoint devices are not trusted by default and instead of context-based network access, has become a buzzword among security vendors as well as government guidance. Unlocking the true power of zero trust, however, “requires a cultural shift and clear communication that ties it to business outcomes,” Gartner said.
4) “By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.” Currently, “only 23% of security and risk leaders monitor third parties for real-time cybersecurity exposure,” Gartner said. With cyberattacks growing and consumer and regulator concerns rising, “organizations will begin to mandate cybersecurity risk as a significant determinant when operating with a third party, ranging from simple monitoring to a critical technology supplier to complex due diligence for mergers and acquisitions,” the firm predicted.
5) “Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.” As Gartner put it, “The decision to pay the ransom is not a business-level decision, not a security one.” Increased government regulation will further complicate incident response – perhaps that’s why the firm recommends “engaging a professional incident response team as well as negotiating before any regulatory body.”
6) “By 2025, threat actors will have weaponized operational technology environments to successfully cause human casualties.” Operational technology – defined by Gartner as “hardware and software that monitors or controls equipment, assets and processes” – has become an increasingly common target of cyberattacks, the firm noted. In these environments, concerns of theft take a back seat to “real-world hazards to humans and the environment.”
7) “By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.” The COVID-19 pandemic has made it clear that traditional approaches to business continuity planning can’t keep up with a large-scale disruption, Gartner pointed out. Risk leaders must “recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers and suppliers,” the firm recommended.
8) “By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contract.” According to a fall 2021 Gartner survey, 88% of boarders’ directors now view cybersecurity as a business risk rather than a risk within IT. And while Gartner data suggests that the CIO, CISO, or opposite role is still the top person holding accountable for 85% of organizations in cybersecurity today, over the coming years the firm “expects to see a shift in formal accountability for the treatment of cyber risks. from the security leader to the senior business leaders. “
A Gartner e-book on top strategic priorities for security & privacy leaders is available for download here (registration required).
About the Author: Rhea Kelly is Editor in Chief for Campus Technology. She can be reached at [email protected]General Chat Chat Lounge
General Chat Chat Lounge