The latest Gartner report has revealed the top predictions for chief information security officers (CISOs) for 2023-24.
Richard Addiscott, Senior Director Analyst, and Lisa Neubauer, Director, Advisory, at Gartner presented the predictions prepared by Gartner cybersecurity experts at the Gartner Security & Risk Management Summit 2023 APAC in Sydney, Australia.
PREDICTIONS
By 2027, 50 percent of all chief information security officers (CISOs) will integrate human-centric design practices into their cybersecurity programs to minimize friction and maximize control adoption.
According to Gartner, over 90 percent of employees who engage in insecure activities at work know that they are increasing the risk to their organization and do so anyway. Human-centric security design puts the individual at the center of control design and implementation so that controls are easy to follow, rather than designing around technology, threat, or location alone.
By 2024, most consumer data will be covered by modern privacy regulations, but less than 10 percent of organizations will have successfully leveraged privacy as a competitive advantage. Gartner suggests that a comprehensive privacy standard in line with GDPR can differentiate organizations in a highly competitive market and build trust with customers, partners, investors, and regulators.
By 2026, 10 percent of large enterprises will have a mature and measurable zero-trust program in place, up from less than 1 percent today. Implementing a zero-trust program can be complex, but starting small, measuring progress, and building a zero-trust mindset across the organization pays off in the long term.
By 2027, 75 percent of employees will acquire, modify, or create technology outside of IT’s visibility, a significant increase from 2022. The role of the CISO is shifting from control owner to risk decision facilitator, so engaging directly with employees is crucial to influence their decisions and make sure the right knowledge is in place where those decisions are made.
By 2025, 50 percent of all cybersecurity leaders will have unsuccessfully attempted to use cyber risk quantification to drive enterprise decision-making. Rather than producing self-directed analyses that nobody asked for, leaders should focus on the quantification that decision makers actually request, aiming for action-based results that reduce risk and save money.
By 2025, almost half of cybersecurity leaders will change jobs, and 25 percent will move into entirely different roles because of work-related stress. Gartner suggests that cultural shifts and organizational support can help manage this stress, including a closer working relationship between the CISO and the board to build trust and support.
By 2026, 70 percent of boards will have at least one member with cybersecurity expertise. To be recognized as business partners, cybersecurity leaders need to understand the board and enterprise risk appetite, and show how the cybersecurity program improves the organization’s ability to take risks effectively.
By 2026, over 60 percent of threat detection, investigation, and response (TDIR) capabilities will use exposure management data to validate and prioritize detected threats, up from less than 5 percent today. As organizational attack surfaces expand, enriching detections with what is known about the exposed asset (its criticality, whether it is reachable from the internet, which vulnerabilities are still open, which controls are missing) lets a unified detection, investigation, and response platform present a complete picture of risk and potential impact rather than a raw alert queue.
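To make the last prediction concrete, here is an added illustration of what "using exposure management data to validate and prioritize threats" can look like in practice. This is example code written for this page, not Gartner's or any vendor's implementation; the alert and asset schemas, the scoring weights, the "known exploited" list and all sample records are constructed assumptions. The key idea is that a detection claiming exploitation of a CVE the vulnerability scanner reports as closed is down-ranked as a probable false positive, while confirmed exposure on a critical, internet-facing host is ranked up.

```python
"""Enrich alerts with exposure-management data to validate and rank them.

Added example, not code from the page or from Gartner. Schemas, weights and
the sample records below are constructed assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Asset:
    """One row of an assumed exposure-management inventory."""
    host: str
    criticality: int                      # 1 (low) .. 5 (crown jewel)
    internet_exposed: bool                # from an external attack-surface scan
    open_vulns: set = field(default_factory=set)   # CVEs still unpatched per scanner
    edr_coverage: bool = True             # is the endpoint control actually present?


@dataclass
class Alert:
    """One detection as a SIEM/EDR might emit it (assumed schema)."""
    alert_id: str
    host: str
    severity: int                         # vendor severity 1..5
    cve: Optional[str] = None             # CVE the detection claims is being exploited


# Constructed exposure snapshot (assumption, not real data).
EXPOSURE = {
    "web-01": Asset("web-01", criticality=4, internet_exposed=True,
                    open_vulns={"CVE-2021-44228"}),
    "db-01": Asset("db-01", criticality=5, internet_exposed=False,
                   open_vulns=set()),                       # already patched
    "kiosk-7": Asset("kiosk-7", criticality=1, internet_exposed=False,
                     open_vulns={"CVE-2021-44228"}, edr_coverage=False),
}
# Assumed "known exploited" list; in practice this would come from a feed.
KEV = {"CVE-2021-44228"}

# Constructed sample alerts.
SAMPLE_ALERTS = [
    Alert("A1", "web-01", severity=4, cve="CVE-2021-44228"),
    Alert("A2", "db-01", severity=5, cve="CVE-2021-44228"),   # claims exploit of a closed CVE
    Alert("A3", "kiosk-7", severity=3, cve="CVE-2021-44228"),
    Alert("A4", "lap-99", severity=2),                        # host not in inventory
]


def score(alert: Alert, exposure: dict, kev: set) -> tuple:
    """Return (priority score, reasons) for one alert.

    Validation step first: if the alert names a CVE that the scanner says is
    not open on the target, treat it as a probable false positive.
    Then add exposure context: asset criticality, internet reachability,
    known-exploited status and missing controls (a blind spot to investigate).
    """
    asset = exposure.get(alert.host)
    if asset is None:
        # Cannot validate or enrich; keep the vendor severity and flag the gap.
        return float(alert.severity), ["host not in inventory: cannot validate"]
    if alert.cve and alert.cve not in asset.open_vulns:
        return alert.severity * 0.25, [
            f"{alert.cve} not open on {alert.host}: likely false positive"]
    reasons = [f"criticality {asset.criticality}"]
    total = float(alert.severity + asset.criticality)
    if asset.internet_exposed:
        total += 2
        reasons.append("internet exposed")
    if alert.cve and alert.cve in kev:
        total += 2
        reasons.append(f"{alert.cve} known exploited")
    if not asset.edr_coverage:
        total += 1
        reasons.append("no EDR coverage on host")
    return total, reasons


def prioritize(alerts, exposure=EXPOSURE, kev=KEV):
    """Rank alerts by exposure-adjusted score, highest first.

    Returns a list of (alert_id, score, reasons) tuples.
    """
    ranked = [(a.alert_id, *score(a, exposure, kev)) for a in alerts]
    return sorted(ranked, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for alert_id, total, reasons in prioritize(SAMPLE_ALERTS):
        print(f"{alert_id}: {total:5.2f}  {'; '.join(reasons)}")
```

Run as a script, the output ranks the internet-facing, still-vulnerable web server first and the highest vendor-severity alert (A2, against an already-patched database) last, which is exactly the reordering that exposure data is meant to produce. The weights are deliberately simple; a real program would derive them from the organization's risk appetite and keep the validation rule (closed vulnerability means probable false positive) auditable so analysts can see why an alert was demoted.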