As part of Gartner’s Security & Risk Management Summit wrapping up today in Sydney, analysts from the company have unveiled eight predictions from within the cybersecurity sphere from 2022 to 2026. Several big changes to the security landscape were forecasted by Gartner, and the analytical firm urges that cybersecurity executives build these assumptions into their organizational posture for the next two years.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” said Richard Addiscott, Gartner’s senior director analyst. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”
Gartner’s eight big cybersecurity predictions
The analytical firm identified the following predictions as aspects companies will need to keep in mind through the end of 2023:
1. Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover five billion citizens and more than 70% of global GDP.
With privacy regulations continuing to expand, nearly 3 billion individuals had access to consumer privacy rights across 50 countries last year, according to Gartner. They anticipate that number will keep growing through the remainder of this year and the next, and recommend that enterprises track a number of different privacy metrics for user rights requests, such as cost per request and time to fulfill, to better iron out any disorganization that may arise.
2. By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
As hybrid and remote work continue to rise in popularity and frequency, companies are offering an integrated security service edge (SSE) solution to provide streamlined and privatized web access for their users along with software-as-a-service (SaaS) application security. According to Gartner, moving to a single-vendor solution in this realm offers the greatest efficiency and security effectiveness.
3. 60% of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits.
Zero-trust architecture continues to be a go-to model for many organizations and is only becoming more popular. Gartner predicts that many companies will not fully embrace this move or make the requisite changes needed to make zero-trust security work efficiently from an organizational perspective. This in turn will lead to many companies forsaking the framework before fully realizing the potential advantages it can provide for businesses.
4. By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
The number of attacks related to third parties continues to increase, but companies could be doing more to monitor third parties for cybersecurity reasons. According to Gartner, only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure. The company anticipates that organizations will begin doing more to communicate the potential security risk of doing business with third parties. This could range from observation of a supplier to completing complex risk assessments of third-party companies.
5. Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.
Ransomware numbers continue to increase year over year, and Gartner believes that countries will begin doing more to mitigate the revenue lost from payments stemming from ransomware. As ransomware collectives are now both stealing and encrypting data as part of their schemes, the company recommends putting an incident response team in place should your organization have to face a potential attack.
6. By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.
With IoT becoming more prevalent in major cities, these devices are unfortunately also exposed to potential cyber threats. The ability for hackers to potentially access items like street lights raises the potential for real-world hazards to not only people but conceivably the environment as well, opening up opportunities for criminals to take advantage of these connected devices.
7. By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.
According to Gartner, the COVID-19 pandemic gave many industries insight into their own failings in the event of a large-scale disruption. Within the next three years, the company forecasts that the lessons learned from the pandemic will increase the amount of planning and support businesses have in place and thus make organizational resilience one of the top priorities in the years ahead.
8. By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts.
Stemming from some of the previous predictions, cybersecurity will be one of the most addressed business risks in the next four years. Gartner says it expects to see incentive-based contracts drawn up for top-level executives tied to their ability to respond to potential cyber threats. This aims at increasing accountability for C-level executives and their treatment of cybersecurity moving forward.