Gartner IT Symposium/Xpo™: cyber security trends 2024

There was a lot of talk about cyber security in Barcelona. You can find out what developments we can expect here

19 January 2024Natalie Rupp

The next few years hold a number of challenges

The Gartner IT Symposium/Xpo™ in Barcelona was once again the meeting place for CIOs and IT managers in 2023. Here they look at technologies and trends that are shaping the future of IT, including the acceleration of business transformation, cyber security, generative AI, data analysis, customer experiences, and much more. The high-calibre sessions once again provided important insights for business development this year. What can we expect in the area of cyber security specifically?

Staff shortages are just the tip of the iceberg

The lack of skilled workers is not the only challenge for companies in terms of security. Increasing risks in the supply chain, new regulations, and emerging threats such as ransomware will also define the next few years. What can companies do to counter this? Which top trends are the answer to these challenges?

  • Continuous threat exposure management: continuous and risk-focused identification and response in the assessment of vulnerabilities
  • Identity fabric immunity: proactive and reactive securing of identity systems
  • Cyber security validation: continuous validation of controls, technology, and human processes
  • Platform consolidation: reduction in the complexity of security platforms through consolidation and integration
  • Composable security: grouping of security functions into reusable components
  • Human-centric design: designing of security controls with a user-defined approach
  • Structured personnel management: use of a structured approach for recruitment, training, and talent development/retention.
  • Board oversight: change in communication with the management board toward business-oriented instead of technical key figures

A holistic approach that incorporates technologies, processes, and people is therefore necessary in order to be prepared for the challenges of the coming years.

The risks of generative AI are often underestimated

The use of ChatGPT and other generative AI models in companies poses a major challenge for those responsible for security. This is because the benefits of AI applications are often recognised more than the risks, and people forget that the company's attack surface is massively increased. The risk of falsified or inaccurate information, the aspect of intellectual property and liability, or even data protection issues and the potential misuse of data are just some of the aspects that companies need to be aware of. The use of this technology is gathering pace.

Two Gartner® assessments for the "Marketing and Media" sector


By 2025, 30 percent of outbound marketing messages from large organisations will be generated synthetically, compared to less than 2 percent in 2022. 

In 2030, a major blockbuster film will be released where 90 percent of the film was generated by AI (from text to video), compared to 0 percent in 2022.

But AI innovations are also accelerating in other areas, e.g. in drug development, materials management, chip design, the creation of synthetic data, and the design of parts in general.

Here, too, Gartner® offers some food for thought on how to minimise risk, including organisational steps such as setting up an AI task force and technological solutions such as content anomaly detection. The establishment of organisational structures, transparent models, comprehensible guidelines, and continuous monitoring play an important role in stopping cyber security threats.1

An important factor in 2024 will remain: people

What lies ahead in terms of cyber security over the next few years? In principle, the focus is on people. It is recognised that people are both part of the problem and part of the solution. Security models that take greater account of human capabilities will come to the fore.

Gartner® sees a need for action here2

Data protection as an advantage

By 2024, modern data protection regulations will cover the majority of consumer data, but less than 10 percent of companies will have successfully used data protection as a competitive advantage.

A comprehensive data protection standard enables companies to stand out in a highly competitive market, use data more extensively, and build trust with customers, partners, and investors.

Challenges in leadership

By 2025, almost half of cyber security leaders will change jobs, and 25 percent will take on a completely different role due to multiple workloads.

Cyber security managers are under high pressure, and successes are difficult to communicate. A cultural change and support for demanding and stressful tasks can counteract this trend.

A different perspective on cyber risks

By 2025, 50 percent of cyber security managers will have tried unsuccessfully to use cyber risk quantification to make business decisions.

Awareness of cyber risks is increasing, but action-oriented results are achieved in only one in three cases. A shift from the creation of self-directed analyses to quantifications required by decision-makers provides a remedy.

Slow introduction of Zero Trust

By 2026, 10 percent of large companies will have implemented a comprehensive, mature and measurable Zero Trust program, compared to less than 1 percent today.

Comprehensive Zero Trust implementation is usually realised slowly, as it can become complex. A step-by-step approach called "Zone Defence" is recommended to better understand the benefits of the model and manage complexity gradually.

Threat detection with exposure management data

By 2026, more than 60 percent of threat detection, investigation, and response (TDIR) functions will use exposure management data to validate and prioritise detected threats – up from less than 5 percent today.

To give security teams a complete picture of risks and potential impacts, a centralised location for continuous monitoring is recommended.

More cyber security experts on management boards

By 2026, 70 percent of management boards will have a member with cyber security expertise.

In order to raise awareness of cyber security in companies, it is advantageous if cyber security experts are part of the board/management. In this way, security managers can not only show how security measures can prevent unwelcome incidents, but also how companies can better prepare for risks.

User-driven technology adaptation

By 2027, 75 percent of employees will acquire, modify, or create technologies that are not under the control of the IT department – compared to 41 percent in 2022.

It is important to engage intensively with employees so that they have the appropriate knowledge to act in a well-founded manner.

Human security practices

By 2027, 50 percent of CISOs will formally incorporate human-centred design practices into their cyber security programs to minimise operational friction and maximise control adoption.

Research from Gartner shows that over 90 percent of employees who performed unsafe acts at work were aware that these increased the risk to the organisation. Human-centred security design puts people at the heart of control development and implementation, instead of technology, threat, or location.


The Gartner IT Symposium/Xpo™ once again showcased a comprehensive range of trends and developments this year. In the area of cyber security, the integration of people, the introduction of Zero Trust, and compliance with data protection are the key aspects for the coming years. The decisive factor here is to focus not only on technological solutions, but above all on human components. This will enable companies to better meet future cyber security challenges.

You may also find this interesting

About the author
Portrait of Natalie Rupp

Natalie Rupp

Sales Enablement Manager, T-Systems Austria GesmbH

Show profile and articles

1 Beyond ChatGPT: the future of generative AI for businesses, Gartner, 2023, gartner.de

2 Gartner unveils top eight cyber security predictions for 2023-2024, Gartner, 2023, gartner.com

Do you visit t-systems.com outside of Singapore? Visit the local website for more information and offers for your country.