Executive performance appraisals will increasingly be tied to the ability to manage cyber risk; nearly a third of nations will regulate ransomware response in the next three years; and security platform consolidation will help organizations thrive in harsh environments, according to leading cybersecurity predictions revealed by Gartner.
Speaking at the Gartner Security and Risk Management Summit in Sydney, Richard Addiscott, Director Senior Analyst, and Rob McMillan, Gartner Executive Vice President, discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders succeed in the digital age.
“We can’t fall back into old habits and try to treat everything the same way we have in the past,” Addiscott said. “Most security and risk leaders now recognize that a major disruption is just one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”
Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.
Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.
As of 2021, nearly 3 billion people had access to consumer privacy rights in 50 countries, and privacy regulation continues to expand. Gartner recommends that organizations track subject rights request metrics, including cost per request and fulfillment time, to identify inefficiencies and justify accelerated automation.
By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor’s SSE platform.
With a hybrid workforce and data everywhere accessible by everything, providers offer an integrated security service edge (SSE) solution to deliver consistent and simple web, private access and SaaS application security. Single-vendor solutions deliver significant operational efficiency and security effectiveness compared to best-in-class solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected, and re-encrypted.
60% of organizations will adopt Zero Trust as their starting point for security by 2025. More than half will fail to reap the benefits.
The term zero trust is now prevalent in security vendor marketing and government security guidance. As a mindset, replacing implicit trust with risk-appropriate trust based on identity and context is extremely powerful. However, since zero trust is as much a security principle as it is an organizational vision, it requires a cultural shift and clear communication linking it to business outcomes to achieve benefits.
By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
Cyber attacks related to third parties are on the rise. Yet only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure, according to Gartner data. As a result of consumer concerns and regulatory interest, Gartner believes that organizations will begin to impose cybersecurity risk as a significant determining factor when doing business with third parties, from simply monitoring a critical technology vendor to complex due diligence for mergers and acquisitions.
By 2025, 30% of nation states will pass legislation regulating ransomware payments, fines, and dealings, up from less than 1% in 2021.
Modern ransomware gangs now steal data and encrypt it. The decision to pay the ransom or not is a business decision, not a security one. Gartner recommends engaging a professional incident response team, as well as the police and any regulatory bodies before trading.
By 2025, threat actors will have successfully weaponized operational technology environments to cause human casualties.
Attacks on OT (hardware and software that monitor or control equipment, assets and processes) have become more common and disruptive. In operational environments, security and risk management leaders should be more concerned with real-world dangers to humans and the environment, rather than information theft, according to Gartner.
By 2025, 70% of CEOs will demand a culture of organizational resilience to survive the coincidental threats of cybercrime, severe weather, civil unrest, and political instabilities.
The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support an organization’s response to a large-scale outage. With the disruption likely to continue, Gartner recommends that risk leaders recognize organizational resiliency as a strategic imperative and build an organization-wide resiliency strategy that also engages staff, stakeholders, customers and vendors.
By 2026, 50% of C-level executives will have risk-related performance requirements built into their employment contracts.
Most boards now view cybersecurity as a business risk rather than just an IT technical issue, according to a recent Gartner survey. As a result, Gartner expects to see a shift in formal responsibility for addressing cyber risks from the security leader to senior business leaders.