
Cyber Security Trends 2025

The Gartner® IT Symposium/Xpo™ demonstrated how important developments in cyber security are 

January 27, 2025 | Natalie Rupp

GenAI takes center stage in Barcelona

Once again, the Gartner® IT Symposium/Xpo™ in Barcelona was the meeting place for CIOs and IT managers to discuss innovative technologies and trends. This year, the focus was particularly on the role of generative AI (GenAI) and how companies can use it in a targeted manner.

It’s getting challenging

The business risk environment is growing more and more complex. In addition to cyber risks, IT risks and third-party risks, GenAI and the integration of cyber governance tools (Cyber-GRC) are playing an increasingly important role. These technologies not only enable real-time threat analysis, but also support the communication of risks to the management level – a key point in establishing cyber security as part of the business strategy. [1]
 

Strategic Chief Information Security Officer (CISO) imperatives

1. Adapt to digital operating models
Cyber security programs must keep pace with the decentralized introduction of new technologies. We believe that is crucial, because Gartner® assumes that “by 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility – up from 41% in 2022.” [2]

2. Lean into GenAI
GenAI remains a driving factor that should be integrated into any security strategy. Whether through in-house developments or external providers, the focus is on automating routine tasks and supporting human decision-making. However, some aspects need to be considered, e.g. lack of maturity, risks due to the rush of providers, data protection and effectiveness. [2]

GenAI’s future is evolving too quickly to predict, but the analysts at Gartner® see “great opportunities for AI driven recommendations for policy & patching”. [3] But there are two sides to the coin. Deepfake fraud and spear phishing on a large scale are worrying, as are attacks on AI and the toolchain. Autonomous malware is a major concern, too. Therefore, Gartner® recommends that “enterprises need to start using their own AI to improve behavioral based detections across human and digital assets.” [3]

3. Pivot to human-centric security
Guess what percentage of all data breaches include a human element? Do you have a number in mind? Then read on! “68% of all data breaches include the human element.” [2] According to Gartner®, “67% use same passwords for multiple accounts” and “65% open emails from unknown sources on work devices.” Additionally, “93% acknowledged these actions would increase risk to the enterprise.” [2]

What happens next?

Here are some of the top cyber security predictions for 2024+ from Gartner®:

1. Expanding CISOs’ legal exposure

“By 2027, two-thirds of global 100 organizations will extend D&O insurance to cyber security leaders due to personal legal exposure.”

Actions:

  • Redefine the CISO role
  • Consider financial and legal benefits to protect the CISO
  • Clarify roles and responsibilities [4]


2. Battling malinformation

“By 2028, enterprise spend on battling malinformation will surpass $500 billion, cannibalizing 50% of marketing and cyber security budgets.”

Actions:

  • Consistently raise awareness before the board and executive committee
  • Define responsibilities for governing, devising and executing enterprise-wide programs
  • Invest in tools and techniques leveraging ‘chaos engineering’ [4]


3. Closing skills gaps with GenAI

“By 2028, the adoption of GenAI will collapse the skills gap, removing the need for specialized education from 50% of entry-level cyber security positions.”

Actions:

  • Focus on internal use cases that support users as they work
  • Track homegrown and vendor provided augments at the task and role level
  • Coordinate with HR partners
  • Identify adjacent talent [4]


4. Scoping zero trust

“Through 2026, 75% of organizations will exclude unmanaged, legacy and cyber-physical systems from their zero-trust strategies.”

Actions:

  • Apply the basics of a zero-trust philosophy, but tailor it to non-IT environments
  • Brainstorm with cyber-physical systems operators and engineers to adapt a zero-trust strategy to production environments
  • Ask zero-trust vendors to demonstrate exactly which risks are mitigated for your environment and how [4]


5. Integrating GenAI

“By 2026, enterprises combining GenAI with an integrated platforms-based architecture in security behavior and culture programs will experience 40% fewer employee-driven cyber security incidents.”

Actions:

  • Create a cross-functional working group comprising a suitable cross-section of your organization’s employees
  • Pilot GenAI capabilities augmented by data from multiple sources
  • Leverage GenAI capabilities securely to personalize the communications [4]


6. Identity Response

“Through 2026, 40% of IAM leaders will take over the primary responsibility for detecting and responding to IAM-related breaches.”

Actions:

  • Leverage identity threat detection and response practices to build improved capability
  • Provide visibility to the board by leveraging protection-level targets
  • Collaborate with the CISO to align IAM and security initiatives [4]


7. DLP and insider risk

“By 2027, 70% of organizations will combine data loss prevention and insider risk management disciplines with IAM context to identify suspicious behavior more effectively.”

Actions:

  • Identify data and identity risks as the primary driver for data security
  • Evaluate vendors that can address multiple use cases
  • Build multifaceted policies that include layered detection from IAM, IRM and DLP [4]


8. Application security

“By 2027, 30% of cyber security functions will redesign application security to be consumed directly by non-cyber experts and owned by application owners.”

Actions:

  • Develop communities of practice
  • Take a minimum effective expertise approach
  • Create a new, high-value role – the ‘application security product manager’ [4]


And how will cyber security develop in the coming decades?

Gartner® ventured some exciting predictions:

  • “What if … by 2040, distributed human computing and networked brains sharing creativity become the norm. Employees will be required to plug in.” [5] This raises profound ethical and legal questions.
  • “What if … by 2040, more data processing takes place in the space than on earth.” [5] This could expand capacities, but also harbors new security risks.
  • “What if … by 2032, 60% of the businesses manage trust as a corporate asset and determine 25% of the enterprise value.” [5] Transparency and ethics will become business-critical factors.

What companies need to do NOW

Our key findings from the Gartner IT Symposium/Xpo™ make one thing clear: the cyber security landscape is becoming increasingly complex, the threats more intelligent, but also the solutions more diverse. Companies must act proactively:

  1. AI as an opportunity and a risk: Use AI, but also protect yourself against its misuse.
  2. Promote a safety culture: Train your employees and create an environment in which safety is part of the corporate culture.
  3. Build resilience: Flexibly adapt your cyber security strategies to meet changing challenges.
  4. Focus on the future: Trust, transparency and ethical standards will become essential as technology increasingly permeates our lives.

About the author

Natalie Rupp

Sales Enablement Manager, T-Systems Austria GesmbH


Gartner® is a registered trademark and service mark and IT Symposium/Xpo is a trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Sources for this blog are Gartner IT Symposium/Xpo™ 2024 sessions in Barcelona:
[1] Gartner Conference Session, Gartner IT Symposium/Xpo™, Outlook for Cyber-Risks 2025, Deepti Gopal, 6 November 2024, Barcelona.
[2] Gartner Conference Session, Gartner IT Symposium/Xpo™, Leadership Vision for Security and Risk Management 2024-2025, Tom Scholtz, 4 November 2024, Barcelona.
[3] Gartner Conference Session, Gartner IT Symposium/Xpo™, Gartner’s Cybersecurity Radar for CIOs, 2025-2026, Bart Willemsen, 4 November 2024, Barcelona.
[4] Gartner Conference Session, Gartner IT Symposium/Xpo™, The Top Predictions for Cybersecurity for 2025, Deepti Gopal, 5 November 2024, Barcelona.
[5] Gartner Conference Session, Gartner IT Symposium/Xpo™, Maverick: The Far Future according to Maverick, Frank Buytendijk and Marty Resnick, 5 November 2024, Barcelona.
