Gartner has announced its top cybersecurity predictions for 2024 and the years ahead, highlighting significant shifts in the industry.
These forecasts, disclosed at the Gartner Security & Risk Management Summit in Sydney, include the adoption of generative AI (GenAI) to address cybersecurity skills shortages, the extension of directors and officers insurance to cybersecurity leaders, and the mounting cost of combating malinformation.
Deepti Gopal, Director Analyst at Gartner, emphasized the growing importance of human-centric approaches in cybersecurity, stating, “The scope of the top predictions this year is clearly not on technology, as the human element continues to gain far more attention.”
Gartner predicts that by 2028, GenAI adoption will close the cybersecurity skills gap, eliminating the need for specialized education in half of entry-level cybersecurity positions. The integration of GenAI with security behavior and culture programs (SBCP) is anticipated to reduce employee-driven cybersecurity incidents by 40 percent by 2026.
Furthermore, Gartner forecasts that by 2027, two-thirds of the world’s largest organizations will extend directors and officers insurance to cybersecurity leaders, recognizing the personal legal exposure they face due to evolving laws and regulations.
The battle against malinformation is also expected to escalate, with enterprise spending projected to exceed $500 billion by 2028. This expenditure is anticipated to consume half of marketing and cybersecurity budgets as organizations invest in combating misinformation facilitated by advanced technologies.
Additionally, Gartner predicts significant shifts in identity and access management (IAM) responsibilities, with IAM leaders expected to take primary responsibility for detecting and responding to IAM-related breaches by 2026. Furthermore, by 2027, 70 percent of organizations are forecasted to integrate data loss prevention and insider risk management disciplines with IAM context to enhance suspicious behavior detection.
Lastly, the report suggests that by 2027, 30 percent of cybersecurity functions will revamp application security to be accessible to non-cyber experts and owned by application owners, reflecting the evolving landscape of application development and security requirements.
These predictions underscore the evolving nature of cybersecurity challenges and the imperative for organizations to adapt their strategies to address emerging threats and technological advancements. As Gopal concluded, “Any CISO looking to build an effective and sustainable cybersecurity program must make this a priority.”
