The Gartner IT Symposium/Xpo™ in Barcelona was once again the meeting place for CIOs and IT managers in 2023. Here they look at technologies and trends that are shaping the future of IT, including the acceleration of business transformation, cyber security, generative AI, data analysis, customer experiences, and much more. The high-caliber sessions once again provided important insights for business development this year. What can we expect in the area of cyber security specifically?
The lack of skilled workers is not the only challenge for companies in terms of security. Increasing risks in the supply chain, new regulations, and emerging threats such as ransomware will also define the next few years. What can companies do to counter this? Which top trends are the answer to these challenges?
A holistic approach that incorporates technologies, processes, and people is therefore necessary in order to be prepared for the challenges of the coming years.
The use of ChatGPT and other generative AI models in companies poses a major challenge for those responsible for security. This is because the benefits of AI applications are often recognized more than the risks, and people forget that the company's attack surface is massively increased. The risk of falsified or inaccurate information, the aspect of intellectual property and liability, or even data protection issues and the potential misuse of data are just some of the aspects that companies need to be aware of. The use of this technology is gathering pace.
By 2025, 30 percent of outbound marketing messages from large organizations will be generated synthetically, compared to less than 2 percent in 2022.
In 2030, a major blockbuster movie will be released where 90 percent of the movie was generated by AI (from text to video), compared to 0 percent in 2022.
But AI innovations are also accelerating in other areas, e.g. in drug development, materials management, chip design, the creation of synthetic data, and the design of parts in general.
Here, too, Gartner® offers some food for thought on how to minimize risk, including organizational steps such as setting up an AI task force and technological solutions such as content anomaly detection. The establishment of organizational structures, transparent models, comprehensible guidelines, and continuous monitoring play an important role in stopping cyber security threats.1
What lies ahead in terms of cyber security over the next few years? In principle, the focus is on people. It is recognized that people are both part of the problem and part of the solution. Security models that take greater account of human capabilities will come to the fore.
Gartner® sees a need for action here2
By 2024, modern data protection regulations will cover the majority of consumer data, but less than 10 percent of companies will have successfully used data protection as a competitive advantage.
A comprehensive data protection standard enables companies to stand out in a highly competitive market, use data more extensively, and build trust with customers, partners, and investors.
By 2025, almost half of cyber security leaders will change jobs, and 25 percent will take on a completely different role due to multiple workloads.
Cyber security managers are under high pressure, and successes are difficult to communicate. A cultural change and support for demanding and stressful tasks can counteract this trend.
By 2025, 50 percent of cyber security managers will have tried unsuccessfully to use cyber risk quantification to make business decisions.
Awareness of cyber risks is increasing, but action-oriented results are achieved in only one in three cases. A shift from the creation of self-directed analyzes to quantifications required by decision-makers provides a remedy.
By 2026, 10 percent of large companies will have implemented a comprehensive, mature and measurable Zero Trust program, compared to less than 1 percent today.
Comprehensive Zero Trust implementation is usually realized slowly, as it can become complex. A step-by-step approach called "Zone Defense" is recommended to better understand the benefits of the model and manage complexity gradually.
By 2026, more than 60 percent of threat detection, investigation, and response (TDIR) functions will use exposure management data to validate and prioritize detected threats – up from less than 5 percent today.
To give security teams a complete picture of risks and potential impacts, a centralized location for continuous monitoring is recommended.
By 2026, 70 percent of management boards will have a member with cyber security expertise.
In order to raise awareness of cyber security in companies, it is advantageous if cyber security experts are part of the board/management. In this way, security managers can not only show how security measures can prevent unwelcome incidents, but also how companies can better prepare for risks.
By 2027, 75 percent of employees will acquire, modify, or create technologies that are not under the control of the IT department – compared to 41 percent in 2022.
It is important to engage intensively with employees so that they have the appropriate knowledge to act in a well-founded manner.
By 2027, 50 percent of CISOs will formally incorporate human-centered design practices into their cyber security programs to minimize operational friction and maximize control adoption.
Research from Gartner shows that over 90 percent of employees who performed unsafe acts at work were aware that these increased the risk to the organization. Human-centered security design puts people at the heart of control development and implementation, instead of technology, threat, or location.
The Gartner IT Symposium/Xpo™ once again showcased a comprehensive range of trends and developments this year. In the area of cyber security, the integration of people, the introduction of Zero Trust, and compliance with data protection are the key aspects for the coming years. The decisive factor here is to focus not only on technological solutions, but above all on human components. This will enable companies to better meet future cyber security challenges.
1 Beyond ChatGPT: the future of generative AI for businesses, Gartner, 2023, gartner.de
2 Gartner Unveils Top Eight Cyber Security Predictions for 2023-2024, Gartner, 2023, gartner.com