Gartner IT Symposium/Xpo™: Cyber Security Trends 2024

There was a lot of talk about cyber security in Barcelona. You can find out what developments we can expect here

January 19 2024Natalie Rupp

The next few years hold a number of challenges

The Gartner IT Symposium/Xpo™ in Barcelona, Spain was once again a global event for CIOs and IT-executives in 2023. This conference presented strategic insights and leadership approaches for technologies and global trends that are shaping the future of IT, including the acceleration of business transformation, cyber security, generative AI, data analysis, customer experiences, and much more. The sessions by Gartner experts at the Symposium provided significant  insights for business development this year. What can we expect in the area of cyber security specifically?

Staff shortages are just the tip of the iceberg

The lack of skilled workers is not the only challenge for companies in terms of security. Increasing risks in the supply chain, new regulations, and emerging threats such as ransomware will also define the next few years. But what strategic solutions exist for these problems? Which top trends offer answers? Some of the strategic approaches include:

  • Continuous threat exposure management: continuous and risk-focused identification and response in the assessment of vulnerabilities
  • Identity fabric immunity: proactive and reactive securing of identity systems
  • Cyber security validation: continuous validation of controls, technology, and human processes
  • Platform consolidation: reduction in the complexity of security platforms through consolidation and integration
  • Composable security: grouping of security functions into reusable components
  • Human-centric design: designing of security controls with a user-defined approach
  • Structured personnel management: use of a structured approach for recruitment, training, and talent development/retention.
  • Board oversight: change in communication with the management board toward business-oriented instead of technical key figures

A holistic approach that incorporates technologies, processes, and people is therefore necessary in order to be prepared for the challenges of the coming years.

The risks of generative AI are often underestimated

The risks of generative AI are often underestimated. The accelerating use of ChatGPT and other generative AI models in companies poses a major challenge for those responsible for security. This is because the benefits of AI applications are often recognized more than the risks, and people forget that the company's attack surface is massively increased. The risk of falsified or inaccurate information, the aspect of intellectual property and liability, or even data protection issues and the potential misuse of data are just some of the aspects that companies need to be aware of. The use of this technology is gathering pace.

Two Gartner® assessments for the “Marketing and Media” sector

  • By 2025, 30 percent of outbound marketing topics from large organizations will be generated synthetically, compared to less than 2 percent in 2022. 
  • In 2030, a major blockbuster movie will be released where 90 percent of the movie was generated by innovative AI (from text to video), compared to 0 percent in 2022.

But AI innovations are also accelerating in other areas, e.g. in drug development, materials management, chip design, the creation of synthetic data, and the design of parts in general.

Here, too, Gartner® offers some innovative tech-food for thought on how to minimize risk, including organizational steps such as setting up an AI task force and technological solutions such as content anomaly detection. The establishment of organizational structures, transparent models, comprehensible guidelines, and continuous monitoring play an important role in stopping cyber security threats.1

An important factor in 2024 will remain: people

What trends and developments lie ahead in terms of cyber security over the next few years? In principle, the focus is on people. It is recognized that people are both part of the problem and part of the solution. Security models that take greater account of human capabilities will come to the fore, integrating strategic insights and innovative approaches to empower IT executives and CIOs. These experts will explore and implement solutions that not only address cyber security challenges but also leverage global trends and analytics to enhance user experiences and accelerate business innovation.

Gartner® sees a need for action here2

Data protection as an advantage

By 2024, modern data protection regulations will cover the majority of consumer data, but less than 10 percent of companies will have successfully used data protection as a competitive advantage.

A comprehensive data protection standard enables companies to stand out in a highly competitive market, use data more extensively, and build trust with customers, partners, and investors.

Challenges in leadership

By 2025, almost half of cyber security leaders will change jobs, and 25 percent will take on a completely different role due to multiple workloads.

Cyber security managers are under high pressure, and successes are difficult to communicate. A cultural change and support for demanding and stressful tasks can counteract this trend, emphasizing the need for innovative solutions in cyber security strategy.

A different perspective on cyber risks

By 2025, 50 percent of cyber security managers will have tried unsuccessfully to use cyber risk quantification to make business decisions.

Awareness of cyber risks is  accelerating, but action-oriented results are achieved in only one in three cases. A shift from the creation of self-directed analyzes to quantifications required by decision-makers provides a remedy, highlighting the importance of analytics in cyber security.

Slow introduction of Zero Trust

By 2026, 10 percent of large companies will have implemented a comprehensive, mature and measurable Zero Trust program, compared to less than 1 percent today.

Comprehensive Zero Trust implementation is usually realized slowly, as it can become complex. A step-by-step approach called "Zone Defense" is recommended to better understand the benefits of the model and manage complexity gradually, a key topic in cyber security forums.

Threat detection with exposure management data

By 2026, more than 60 percent of threat detection, investigation, and response (TDIR) functions will use exposure management data to validate and prioritize detected threats – up from less than 5 percent today.

To give security teams a complete picture of risks and potential impacts, a centralized location for continuous monitoring is recommended, a result that is gaining traction in cyber security practices.

More cyber security experts on management boards

By 2026, 70 percent of management boards will have a member who is an expert in the cyber security field.

In order to raise awareness of cyber security in companies, it is advantageous if cyber security experts are part of the board/management. In this way, security managers can not only show how security measures can prevent unwelcome incidents, but also how companies can better prepare for risks. A trend that underscores the strategic importance of cyber security at the executive level.

User-driven technology adaptation

By 2027, 75 percent of employees will acquire, modify, or create technologies that are not under the control of the IT department – compared to 41 percent in 2022.

It is important to engage intensively with employees so that they have the appropriate knowledge to act in a well-founded manner is a strategic move, as user-driven technology innovation continues to accelerate.

Human security practices

By 2027, 50 percent of CISOs will formally incorporate human-centered design practices into their cyber security programs to minimize operational friction and maximize control adoption.

Research from Gartner® shows that over 90 percent of employees who performed unsafe acts at work were aware that these increased the risk to the organization. Human-centered security design puts people at the heart of control development and implementation, instead of technology, threat, or location, an innovative approach that Gartner® experts suggests can lead to more effective cyber security strategies.


The Gartner IT Symposium/Xpo™ in Barcelona, Spain once again showcased a comprehensive range of global trends and developments this year. In the area of cyber security, experts view the integration of people, the introduction of Zero Trust, and compliance with data protection as key aspects for the coming years. The decisive factor here is to focus not only on technological solutions, but above all on human components. This will enable companies to better meet future cyber security challenges.

You may also find this interesting

About the author
Portrait of Natalie Rupp

Natalie Rupp

Sales Enablement Manager, T-Systems Austria GesmbH

Show profile and articles

We look forward to your opinion

Do you have any ideas, suggestions, or questions on this topic? We cordially invite you to exchange ideas with us. Get in touch with us!

1 Beyond ChatGPT: the future of generative AI for businesses, Gartner, 2023, gartner.de

2 Gartner Unveils Top Eight Cyber Security Predictions for 2023-2024, Gartner, 2023, gartner.com

Do you visit t-systems.com outside of Germany? Visit the local website for more information and offers for your country.