Once again, the Gartner® IT Symposium/Xpo™ in Barcelona was the meeting place for CIOs and IT managers to discuss innovative technologies and trends. This year, the focus was particularly on the role of generative AI (GenAI) and how companies can use it in a targeted manner.
The business risk environment is becoming more and more complex. In addition to cyber risks, IT risks and third-party risks, GenAI and the integration of cyber governance tools (Cyber-GRC) are playing an increasingly important role. These technologies not only enable real-time threat analysis, but also support the communication of risks to the management level – a key point in establishing cyber security as part of the business strategy.1
1. Adapt to digital operating models
Cyber security programs must keep pace with the decentralized introduction of new technologies. We believe that is crucial, because Gartner® assumes that “by 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility – up from 41% in 2022.”2
2. Lean into GenAI
GenAI remains a driving factor that should be integrated into any security strategy. Whether through in-house developments or external providers – the focus is on automating routine tasks and supporting human decision-making. However, some aspects need to be considered, e.g. lack of maturity, risks due to the rush of providers, data protection and effectiveness.2
GenAI’s future is evolving too quickly to predict, but the analysts at Gartner® see “great opportunities for AI driven recommendations for policy & patching”.3 But there are two sides to the coin. Deepfake fraud and spear phishing on a large scale are worrying, as are attacks on AI and the toolchain. Autonomous malware is a major concern, too. Therefore, Gartner® recommends that “enterprises need to start using their own AI to improve behavioral based detections across human and digital assets.”3
3. Pivot to human-centric security
Guess what percentage of all data breaches include a human element? Do you have a number in mind? Then read on! “68% of all data breaches include the human element.”2 According to Gartner®, “67% use same passwords for multiple accounts” and “65% open emails from unknown sources on work devices.” Additionally, “93% acknowledged these actions would increase risk to the enterprise.”2
Here are some of the top cyber security predictions for 2024+ from Gartner®:
“By 2027, two-thirds of global 100 organizations will extend D&O insurance to cyber security leaders due to personal legal exposure.”
Actions:
“By 2028, enterprise spend on battling malinformation will surpass $500 billion, cannibalizing 50% of marketing and cyber security budgets.”
Actions:
“By 2028, the adoption of GenAI will collapse the skills gap, removing the need for specialized education from 50% of entry-level cyber security positions.”
Actions:
“Through 2026, 75% of organizations will exclude unmanaged, legacy and cyber-physical systems from their zero-trust strategies.”
Actions:
“By 2026, enterprises combining GenAI with an integrated platforms-based architecture in security behavior and culture programs will experience 40% fewer employee-driven cyber security incidents.”
Actions:
“Through 2026, 40% of IAM leaders will take over the primary responsibility for detecting and responding to IAM-related breaches.”
Actions:
“By 2027, 70% of organizations will combine data loss prevention and insider risk management disciplines with IAM context to identify suspicious behavior more effectively.”
Actions:
“By 2027, 30% of cyber security functions will redesign application security to be consumed directly by non-cyber experts and owned by application owners.”
Actions:
Gartner® ventured exciting predictions:
Our key findings from the Gartner IT Symposium/Xpo™ make one thing clear: the cyber security landscape is becoming increasingly complex, the threats more intelligent, but also the solutions more diverse. Companies must act proactively:
Gartner® is a registered trademark and service mark and IT Symposium/Xpo is a trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Sources for this blog are Gartner IT Symposium/Xpo™ 2024 sessions in Barcelona:
1 Gartner Conference Session, Gartner IT Symposium/Xpo™, Outlook for Cyber-Risks 2025, Deepti Gopal, 6 November 2024, Barcelona.
2 Gartner Conference Session, Gartner IT Symposium/Xpo™, Leadership Vision for Security and Risk Management 2024-2025, Tom Scholtz, 4 November 2024, Barcelona.
3 Gartner Conference Session, Gartner IT Symposium/Xpo™, Gartner’s Cybersecurity Radar for CIOs, 2025-2026, Bart Willemsen, 4 November 2024, Barcelona.
4 Gartner Conference Session, Gartner IT Symposium/Xpo™, The Top Predictions for Cybersecurity for 2025, Deepti Gopal, 5 November 2024, Barcelona.
5 Gartner Conference Session, Gartner IT Symposium/Xpo™, Maverick: The Far Future according to Maverick, Frank Buytendijk and Marty Resnick, 5 November 2024, Barcelona.