
Gartner’s top recommendations for security leaders

Written by ga_dahmani

Executive performance appraisals will increasingly be tied to the ability to manage cyber risk; nearly a third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in harsh environments, according to the latest cybersecurity predictions revealed by Gartner.

In the keynote address at the Gartner Security and Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst, and Rob McMillan, Managing Vice President at Gartner, discussed the top predictions prepared by Gartner’s cybersecurity experts to help security and risk management leaders succeed in the digital age.

Addiscott says, “We can’t fall into old habits and try to treat everything the same way we have in the past. Most security and risk leaders now recognize that a major disruption is just one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”

Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.

Consumer privacy

By the end of 2023, government regulations requiring organizations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP. As of 2021, nearly three billion people in 50 countries already had access to consumer privacy rights, and privacy regulation continues to expand.

Gartner recommends that organizations track subject rights request metrics, including cost per request and time to fulfil, to identify inefficiencies and justify accelerated automation of the fulfilment process.

Single-vendor SSE platforms

By 2025, 80% of enterprises will adopt a strategy to unify access to web, cloud services and private applications through a single vendor’s security service edge (SSE) platform. With a hybrid workforce and data spread across many locations and accessed from many devices, vendors are offering integrated SSE solutions to deliver consistent, simple security for web, private application and SaaS access.

Compared with best-of-breed solutions from multiple vendors, a single-vendor SSE platform offers significant operational efficiency and security effectiveness: tighter integration between components, fewer consoles for administrators to manage, and fewer points at which traffic must be decrypted, inspected and re-encrypted.

Zero trust

By 2025, 60% of organizations will adopt zero trust as the starting point for security, according to Gartner’s analysts, but more than half will fail to realize the benefits. Gartner notes that the term zero trust is now prevalent in both security vendor marketing and government security guidance.

As a mindset, replacing implicit trust with identity- and context-based, risk-appropriate trust is powerful, the analysts say. However, because zero trust is as much a security principle as it is an organizational vision, realizing its benefits requires a cultural shift and clear communication that ties it to business outcomes.

Third-party risk

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. Third-party-related cyberattacks are on the rise, Gartner finds, yet only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure.

As a result of consumer concern and regulatory interest, Gartner expects organizations to start treating cybersecurity risk as a significant determining factor when doing business with third parties, ranging from simple monitoring of a critical technology vendor to complex due diligence for mergers and acquisitions.

Ransomware regulation

By 2025, 30% of nation states will pass legislation regulating ransomware payments, fines and negotiations, up from less than 1% in 2021. Modern ransomware gangs now steal data as well as encrypting it, so a backup alone does not settle the question. The decision to pay a ransom or not is a business decision, not a security one.

Gartner recommends engaging a professional incident response team, as well as law enforcement and any relevant regulatory bodies, before negotiating with the attackers.

Operational technology attacks

By 2025, threat actors will have successfully weaponized operational technology environments to cause human casualties. Attacks on OT (the hardware and software that monitor or control equipment, assets and processes) have become more common and more disruptive.

In operational environments, Gartner advises security and risk management leaders to be more concerned with real-world dangers to humans and the environment than with information theft.

Culture of resilience

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instability. The COVID-19 pandemic exposed the inability of traditional business continuity management planning to support an organization’s response to a large-scale disruption.

With disruption likely to continue, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers and suppliers.

Risk performance requirements

By 2026, 50% of C-level executives will have risk-related performance requirements built into their employment contracts, Gartner says. According to a recent Gartner survey, most boards now view cybersecurity as a business risk rather than a purely technical IT issue. As a result, the analysts expect formal accountability for cyber risk to shift from the security leader to senior business leaders.
