Top 8 Prediction for Cybersecurity within the next 2 years

Gartner analysts at the Security & Risk Management Summit in Sydney on March 28-29 have revealed their top eight cybersecurity predictions for 2023-2024.

They suggest that cybersecurity leaders should incorporate the following assumptions into their security strategies for the next two years.

Firstly, by 2027, around half of CISOs will implement human-centric design practices into their cybersecurity programs to reduce operational friction and encourage the adoption of security controls.

According to the research, more than 90% of employees who admitted to engaging in unsecure activities during work knew the risks but continued to do so anyway. Human-centric security design focuses on the individual rather than the technology, location or threat, to minimize friction and enhance security control implementation.

By 2024 most consumer data will be subject to modern privacy regulations, but only a small percentage of organizations will successfully leverage privacy as a competitive advantage

However, businesses are starting to realize that a robust privacy program can help them use data more effectively, stand out from competitors, and establish trust with stakeholders. To achieve these benefits, they recommend that security leaders implement a comprehensive privacy standard aligned with GDPR to gain a competitive edge in the marketplace and facilitate growth without restrictions.

By 2026, a small percentage of large enterprises, specifically 10%, are expected to have a complete and sophisticated zero-trust program that can be measured and evaluated.

Currently, the percentage of companies with such programs is less than 1%. The deployment of a comprehensive zero-trust program involves the integration and configuration of numerous complex components, which can be daunting for many organizations. To achieve success, it is crucial to establish a clear understanding of the program’s business value. Starting with small steps and continuously evolving towards a zero-trust mentality can facilitate the implementation process and help organizations better understand the benefits of the program.

By 2027 there will be a significant rise in the number of employees who procure, alter or create technology outside of IT's direct oversight.

This trend poses a considerable challenge to cybersecurity leaders who must adapt to the evolving threat landscape. As a result, the role of the CISO is transforming from control owners to risk decision facilitators. To effectively address this change, organizations must shift their focus from technology and automation to employee engagement. Gartner recommends developing a comprehensive cybersecurity operating model that involves employees at all levels to influence decision making and ensure that they possess the necessary knowledge to make informed choices.

By 2025, half of cybersecurity leaders will have attempted to utilize cyber risk quantification to influence enterprise decision making, but only a minority will have achieved actionable outcomes.

According to the research, many organizations have struggled to translate cyber risk quantification into tangible business results, despite seeing benefits such as improved risk awareness and credibility. To succeed, security leaders must focus on producing quantification analyses that align with decision makers’ needs, rather than self-directed analyses that require persuasion to gain traction.

By 2025, nearly 50% of cybersecurity leaders will have changed jobs, with a quarter transitioning to different roles entirely, due to mounting work-related stressors.

The COVID-19 pandemic and staffing shortages have exacerbated the already high stress levels among cybersecurity professionals, making their jobs unsustainable. To address this issue, it is recommended to foster a culture of support that enables individuals to manage stressful roles effectively. By shifting the rules of engagement, organizations can create cultural changes that help cybersecurity professionals thrive.

By 2026, the majority of corporate boards (70%) will have at least one member with cybersecurity expertise to better manage cyber risks and align security with business objectives.

Cybersecurity leaders should focus on demonstrating the business value of their security programs and how they can help the organization take calculated risks. This requires building strong relationships with the board and other stakeholders, and promoting a culture of risk management across the enterprise. CISOs should proactively engage with the board to provide strategic guidance and promote cybersecurity awareness.

Over the next five years, threat detection, investigation, and response (TDIR) capabilities will increasingly rely on exposure management data to identify and prioritize threats, with over 60% of TDIR solutions leveraging such data by 2026.

With the growing complexity of IT environments and the proliferation of digital assets, organizations require comprehensive visibility into their attack surface and a unified platform to manage security incidents.

TDIR capabilities provide a holistic approach to threat management, leveraging exposure data to prioritize and remediate risks. Security leaders should invest in TDIR solutions that can integrate with other security tools and provide a seamless experience for security operations teams.


Other blog posts


The new NIS 2 Regulation Companies and authorities need to...

Read More