The Gartner IT Symposium/Xpo™ in Barcelona, Spain was once again a global event for CIOs and IT-executives in 2023. This conference presented strategic insights and leadership approaches for technologies and global trends that are shaping the future of IT, including the acceleration of business transformation, cyber security, generative AI, data analysis, customer experiences, and much more. The sessions by Gartner experts at the Symposium provided significant insights for business development this year. What can we expect in the area of cyber security specifically?
The lack of skilled workers is not the only challenge for companies in terms of security. Increasing risks in the supply chain, new regulations, and emerging threats such as ransomware will also define the next few years. But what strategic solutions exist for these problems? Which top trends offer answers? Some of the strategic approaches include:
A holistic approach that incorporates technologies, processes, and people is therefore necessary in order to be prepared for the challenges of the coming years.
The risks of generative AI are often underestimated. The accelerating use of ChatGPT and other generative AI models in companies poses a major challenge for those responsible for security. This is because the benefits of AI applications are often recognized more than the risks, and people forget that the company's attack surface is massively increased. The risk of falsified or inaccurate information, the aspect of intellectual property and liability, or even data protection issues and the potential misuse of data are just some of the aspects that companies need to be aware of. The use of this technology is gathering pace.
But AI innovations are also accelerating in other areas, e.g. in drug development, materials management, chip design, the creation of synthetic data, and the design of parts in general.
Here, too, Gartner® offers some innovative tech-food for thought on how to minimize risk, including organizational steps such as setting up an AI task force and technological solutions such as content anomaly detection. The establishment of organizational structures, transparent models, comprehensible guidelines, and continuous monitoring play an important role in stopping cyber security threats.1
What trends and developments lie ahead in terms of cyber security over the next few years? In principle, the focus is on people. It is recognized that people are both part of the problem and part of the solution. Security models that take greater account of human capabilities will come to the fore, integrating strategic insights and innovative approaches to empower IT executives and CIOs. These experts will explore and implement solutions that not only address cyber security challenges but also leverage global trends and analytics to enhance user experiences and accelerate business innovation.
Gartner® sees a need for action here2
By 2024, modern data protection regulations will cover the majority of consumer data, but less than 10 percent of companies will have successfully used data protection as a competitive advantage.
A comprehensive data protection standard enables companies to stand out in a highly competitive market, use data more extensively, and build trust with customers, partners, and investors.
By 2025, almost half of cyber security leaders will change jobs, and 25 percent will take on a completely different role due to multiple workloads.
Cyber security managers are under high pressure, and successes are difficult to communicate. A cultural change and support for demanding and stressful tasks can counteract this trend, emphasizing the need for innovative solutions in cyber security strategy.
By 2025, 50 percent of cyber security managers will have tried unsuccessfully to use cyber risk quantification to make business decisions.
Awareness of cyber risks is accelerating, but action-oriented results are achieved in only one in three cases. A shift from the creation of self-directed analyzes to quantifications required by decision-makers provides a remedy, highlighting the importance of analytics in cyber security.
By 2026, 10 percent of large companies will have implemented a comprehensive, mature and measurable Zero Trust program, compared to less than 1 percent today.
Comprehensive Zero Trust implementation is usually realized slowly, as it can become complex. A step-by-step approach called "Zone Defense" is recommended to better understand the benefits of the model and manage complexity gradually, a key topic in cyber security forums.
By 2026, more than 60 percent of threat detection, investigation, and response (TDIR) functions will use exposure management data to validate and prioritize detected threats – up from less than 5 percent today.
To give security teams a complete picture of risks and potential impacts, a centralized location for continuous monitoring is recommended, a result that is gaining traction in cyber security practices.
By 2026, 70 percent of management boards will have a member who is an expert in the cyber security field.
In order to raise awareness of cyber security in companies, it is advantageous if cyber security experts are part of the board/management. In this way, security managers can not only show how security measures can prevent unwelcome incidents, but also how companies can better prepare for risks. A trend that underscores the strategic importance of cyber security at the executive level.
By 2027, 75 percent of employees will acquire, modify, or create technologies that are not under the control of the IT department – compared to 41 percent in 2022.
It is important to engage intensively with employees so that they have the appropriate knowledge to act in a well-founded manner is a strategic move, as user-driven technology innovation continues to accelerate.
By 2027, 50 percent of CISOs will formally incorporate human-centered design practices into their cyber security programs to minimize operational friction and maximize control adoption.
Research from Gartner® shows that over 90 percent of employees who performed unsafe acts at work were aware that these increased the risk to the organization. Human-centered security design puts people at the heart of control development and implementation, instead of technology, threat, or location, an innovative approach that Gartner® experts suggests can lead to more effective cyber security strategies.
The Gartner IT Symposium/Xpo™ in Barcelona, Spain once again showcased a comprehensive range of global trends and developments this year. In the area of cyber security, experts view the integration of people, the introduction of Zero Trust, and compliance with data protection as key aspects for the coming years. The decisive factor here is to focus not only on technological solutions, but above all on human components. This will enable companies to better meet future cyber security challenges.
1 Beyond ChatGPT: the future of generative AI for businesses, Gartner, 2023, gartner.de
2 Gartner Unveils Top Eight Cyber Security Predictions for 2023-2024, Gartner, 2023, gartner.com