Executive performance evaluations will increasingly be linked to the ability to manage cyber risks; nearly a third of countries will regulate response to ransomware within the next three years; and consolidation of security platforms will help organizations thrive in hostile environments, according to key cybersecurity predictions revealed by Gartner.
In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president at Gartner, discussed the top forecasts prepared by Gartner cybersecurity experts to help security and risk management leaders to be successful in the digital age.
Addiscott says, “We can’t fall into old habits and try to treat everything the same way we did in the past. Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it but can develop our thinking, philosophy, program, and architecture.”
Gartner recommends cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.
Consumer privacy
By 2023, five billion citizens and more than 70% of global GDP will be covered by government regulations requiring organizations to grant consumer privacy rights. As of 2021, nearly three billion people had access to consumer privacy rights in 50 countries, and privacy regulations continue to expand.
Gartner recommends organizations track metrics about subject rights requests, including cost per request and time to comply, to identify inefficiencies and justify accelerated automation.
Solutions for one supplier
By 2025, 80% of enterprises will adopt a strategy to unify access to the Internet, cloud services, and private applications from the SSE platform from one vendor. With a hybrid workforce and data accessible to anyone from anywhere, vendors provide an integrated Security Service Edge (SSE) solution to deliver consistent and simple web, private access, and SaaS application security.
Single-vendor solutions provide significant operational efficiencies and security effectiveness compared to the best solutions, including tighter integration, fewer consoles to use, and fewer locations to decrypt, inspect, and re-encrypt.
Zero trust
60% of organizations will embrace zero faith as the basis for security by 2025, the analysts say. More than half will not realize the benefits. According to Gartner, zero trust is now common in security vendor marketing and government security guidelines.
As a mindset of replacing implicit trust with identity- and context-based, risk-appropriate trust, it’s powerful, the analysts say. However, since zero trust is both a security principle and an organizational vision, it requires a cultural shift and clear communication that links it to business results to reap the benefits.
Third-Party Risk
Cyberattacks related to third parties are on the rise, Gartner notes. By 2025, 60% of organizations will use cybersecurity risk as a primary determinant when conducting third-party transactions and business assignments. However, only 23% of security and risk leaders monitor third parties for real-time cybersecurity exposure.
As a result of consumer concerns and regulators’ interest, Gartner believes that organizations will begin to view cybersecurity risks as a key determinant of doing business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions. Takeovers.
Ransomware Regulations
By 2025, 30% of nation-states will pass legislation regulating payments, fines, and negotiations for ransomware, down from less than 1% in 2021. Modern ransomware gangs are now stealing and encrypting data. Whether or not to pay the ransom is a company-level decision, not a security decision.
Before negotiating, Gartner recommends engaging a professional incident response team, law enforcement, and regulatory agency.
Attacking Operational Technology
By 2025, threat actors will have successfully weaponized operational technology environments to inflict human casualties. Attacks on OT – hardware and software that monitor or control equipment, assets, and processes – are becoming more common and have more disruptive effects.
In operational environments, security and risk management leaders should be more concerned about real threats to people and the environment than information theft, Gartner said.
Culture of resilience
By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coincident threats of cybercrime, severe weather, civil unrest, and political instability. The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support the organization’s response to a large-scale disruption.
Since continued disruption is likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative and develop an organization-wide resilience strategy that includes staff, stakeholders, customers, and suppliers.
According to a recent Gartner survey, most boards now view cybersecurity as a business risk rather than a technical IT problem. As a result, the analysts expect a shift in formal responsibility for handling cyber threats from the security leader to senior business leaders. By 2026, Gartner said that 50% of C-level executives will risk performance requirements built into their employment contracts.