Human Casualties from Cybercrime, More Zero Trust Among Gartner Cybersecurity Predictions
More organizations will embrace zero trust, but miss out on the full benefits.
![Cybersecurity crystal ball Cybersecurity crystal ball](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb6f23fb31bce3ab9/652423df97252097f608b5dd/Cybersecurity-Crystal-Ball.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
By 2025, threat actors will have weaponized operational technology (OT) environments successfully to cause human casualties, according to Gartner.
Attacks on OT, hardware and software that monitor or control equipment, assets and processes, have become more common and more disruptive. In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft, according to Gartner.
Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global gross domestic product (GDP), according to Gartner.
As of 2021, almost 3 billion individuals had access to consumer privacy rights across 50 countries, and privacy regulation continues to expand. Gartner recommends organizations track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.
By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s secure service edge (SSE) platform.
With a hybrid workforce and data everywhere accessible by everything, vendors are offering an integrated SSE solution to deliver consistent and simple web, private access and SaaS application security, Gartner said. Single-vendor solutions provide significant operational efficiency and security effectiveness compared to best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.
Sixty percent of organizations will embrace zero trust as a starting point for security by 2025, according to Gartner. Howeverr, more than half will fail to realize the benefits.
The term zero trust is now prevalent in security vendor marketing and in security guidance from governments, it said. As a mindset — replacing implicit trust with identity-and context-based risk appropriate trust — it is extremely powerful. However, as zero trust is both a security principle and an organizational vision, it requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.
By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements, Gartner said.
Cyberattacks related to third parties are increasing. However, only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure, according to Gartner data. As a result of consumer concerns and interest from regulators, Gartner believes organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties. That will range from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.
Through 2025, 30% of nation-states will pass legislation that regulates ransomware payments, fines and negotiations, Gartner said. That’s up from less than 1% in 2021.
Modern ransomware gangs now steal data as well as encrypt it. The decision whether to pay the ransom is a business-level decision, not a security one. Gartner recommends engaging a professional incident response team, as well as law enforcement and any regulatory body before negotiating.
By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities, Gartner said.
The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support an organization’s response to a large-scale disruption. With continued disruption likely, Gartner recommends risk leaders recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers and suppliers.
By 2026, one-half of C-level executives will have performance requirements related to risk built into their employment contracts, Gartner said.
Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey. As a result, Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.
By 2026, one-half of C-level executives will have performance requirements related to risk built into their employment contracts, Gartner said.
Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey. As a result, Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.
Cyberattacks will increasingly involve human casualties, while an increasing number of organizations will embrace zero trust. That’s according to the latest Gartner predictions for cybersecurity.
In the opening keynote at this week’s Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president at Gartner, discussed the top predictions prepared by Gartner cybersecurity experts.
The predictions aim to help security and risk management leaders be successful in the digital era.
Gartner’s Richard Addiscott
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott said. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”
Gartner estimated spending on information security and risk management will total $172 billion in 2022. That’s up from $155 billion in 2021 and $137 billion the year before.
Gartner recommends cybersecurity leaders build its strategic planning assumptions into their security strategies for the next two years.
Scroll through our slideshow above for Gartner’s cybersecurity predictions.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like