Gartner's Top 8 Cybersecurity Predictions for the Coming Year

cybersecurity

In the realm of cybersecurity and risk management, "major disruption is only one crisis away," according to Richard Addiscott, senior director analyst specializing in cybersecurity at research firm Gartner. "We can't control it, but we can evolve our thinking, our philosophy, our program and our architecture." Speaking in the opening keynote at the recent Gartner Security & Risk Management Summit in Sydney, Australia, Addiscott emphasized that security and risk leaders must not "fall into old habits and try to treat everything the same as we did in the past."

The key: looking toward the future to develop a security and privacy strategy that will enable organizations to thrive even in hostile environments. To inform cybersecurity leaders' strategic planning, Gartner offered the following predictions for 2022-2023.

1) "Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP." Worldwide, privacy regulations continue to expand, Gartner pointed out. The firm's recommendation: Organizations should "track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation."

2) "By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor's SSE platform." Particularly in today's hybrid work environments, an integrated security service edge (SSE) solution helps provide "consistent and simple web, private access and SaaS application security," Gartner noted. The firm favors single-vendor over best-of-breed solutions for efficiencies such as "tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted."

3) "Sixty percent of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits." Zero trust, the security model in which endpoint devices are not trusted by default and instead given context-based network access, has become a buzzword among security vendors as well as government guidance. Unlocking the true power of zero trust, however, "requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits," Gartner said.

4) "By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements." Currently, "only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure," Gartner said. With cyberattacks increasing and consumer and regulator concerns on the rise, "organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions," the firm predicted.

5) "Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021." As Gartner put it, "The decision to pay the ransom or not is a business-level decision, not a security one." Increased government regulation will further complicate incident response — perhaps that's why the firm recommends "engaging a professional incident response team as well as law enforcement and any regulatory body before negotiating."

6) "By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties." Operational technology — defined by Gartner as "hardware and software that monitors or controls equipment, assets and processes" — has become an increasingly common target of cyberattacks, the firm noted. In these environments, concerns of information theft take a back seat to "real-world hazards to humans and the environment."

7) "By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities." The COVID-19 pandemic has made clear that traditional approaches to business continuity planning can't keep up with a large-scale disruption, Gartner pointed out. Risk leaders must "recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers and suppliers," the firm recommended.

8) "By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts." According to a fall 2021 Gartner survey, 88% of boards of directors now view cybersecurity as a business risk rather than a risk within IT. And while Gartner data suggests that the CIO, CISO or equivalent role is still the top person held accountable for cybersecurity in 85% of organizations today, over the coming years the firm "expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders."

A Gartner e-book on the top strategic priorities for security & privacy leaders is available for complimentary download here (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • abstract illustration of a glowing AI-themed bar graph on a dark digital background with circuit patterns

    Stanford 2025 AI Index Reveals Surge in Adoption, Investment, and Global Impact as Trust and Regulation Lag Behind

    Stanford University's Institute for Human-Centered Artificial Intelligence (HAI) has released its AI Index Report 2025, measuring AI's diverse impacts over the past year.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • lightbulb

    Call for Speakers Now Open for Tech Tactics in Education: Overcoming Roadblocks to Innovation

    The annual virtual conference from the producers of Campus Technology and THE Journal will return on September 25, 2025, with a focus on emerging trends in cybersecurity, data privacy, AI implementation, IT leadership, building resilience, and more.

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.