Gartner's Top 8 Cybersecurity Predictions for the Coming Year

cybersecurity

In the realm of cybersecurity and risk management, "major disruption is only one crisis away," according to Richard Addiscott, senior director analyst specializing in cybersecurity at research firm Gartner. "We can't control it, but we can evolve our thinking, our philosophy, our program and our architecture." Speaking in the opening keynote at the recent Gartner Security & Risk Management Summit in Sydney, Australia, Addiscott emphasized that security and risk leaders must not "fall into old habits and try to treat everything the same as we did in the past."

The key: looking toward the future to develop a security and privacy strategy that will enable organizations to thrive even in hostile environments. To inform cybersecurity leaders' strategic planning, Gartner offered the following predictions for 2022-2023.

1) "Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP." Worldwide, privacy regulations continue to expand, Gartner pointed out. The firm's recommendation: Organizations should "track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation."

2) "By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor's SSE platform." Particularly in today's hybrid work environments, an integrated security service edge (SSE) solution helps provide "consistent and simple web, private access and SaaS application security," Gartner noted. The firm favors single-vendor over best-of-breed solutions for efficiencies such as "tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted."

3) "Sixty percent of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits." Zero trust, the security model in which endpoint devices are not trusted by default and instead given context-based network access, has become a buzzword among security vendors as well as government guidance. Unlocking the true power of zero trust, however, "requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits," Gartner said.

4) "By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements." Currently, "only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure," Gartner said. With cyberattacks increasing and consumer and regulator concerns on the rise, "organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions," the firm predicted.

5) "Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021." As Gartner put it, "The decision to pay the ransom or not is a business-level decision, not a security one." Increased government regulation will further complicate incident response — perhaps that's why the firm recommends "engaging a professional incident response team as well as law enforcement and any regulatory body before negotiating."

6) "By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties." Operational technology — defined by Gartner as "hardware and software that monitors or controls equipment, assets and processes" — has become an increasingly common target of cyberattacks, the firm noted. In these environments, concerns of information theft take a back seat to "real-world hazards to humans and the environment."

7) "By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities." The COVID-19 pandemic has made clear that traditional approaches to business continuity planning can't keep up with a large-scale disruption, Gartner pointed out. Risk leaders must "recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers and suppliers," the firm recommended.

8) "By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts." According to a fall 2021 Gartner survey, 88% of boards of directors now view cybersecurity as a business risk rather than a risk within IT. And while Gartner data suggests that the CIO, CISO or equivalent role is still the top person held accountable for cybersecurity in 85% of organizations today, over the coming years the firm "expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders."

A Gartner e-book on the top strategic priorities for security & privacy leaders is available for complimentary download here (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.

  • multiple computer monitors connected by glowing blue lines in a network grid

    Gartner Forecasts Increased Spending on Desktop as a Service as Cost Optimization, Sustainability Drive Adoption

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • stylized figures, resumes, a graduation cap, and a laptop interconnected with geometric shapes

    OpenAI to Launch AI-Powered Jobs Platform

    OpenAI announced it will launch an AI-powered hiring platform by mid-2026, directly competing with LinkedIn and Indeed in the professional networking and recruitment space. The company announced the initiative alongside an expanded certification program designed to verify AI skills for job seekers.

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.